Risk assessment & mitigation for core security capabilities

Marc J. Dupuis, Karen Renaud

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution book

Abstract

Efforts to assure the cybersecurity of an organization's information and systems rely on industry metrics to monitor their current state of play. These, when monitored over time, could also help organizations to determine whether they are improving their stance or lagging behind. We reviewed the literature on metrics and consulted 12 cybersecurity professionals, working in industry, to take a snapshot of the status quo of metric and framework usage. We report on what our respondents told us and conclude by explaining that, although they were aware of metrics, many only used minimal metrics, and few used any existing frameworks. This was primarily due to resource and other business constraints. It seems that we have to encourage and engender more metric usage, and that an automated approach, with an associated dashboard to support reporting, would be the best way to help organizations to benefit from this helpful mechanism.
Original language: English
Title of host publication: eCrime 2024
Publication status: Accepted/In press - 12 Aug 2024
Event: eCrime 2024 Boston - Boston, United States
Duration: 24 Sept 2024 to 26 Sept 2024
https://apwg.org/event/ecrime2024/

Conference

Conference: eCrime 2024 Boston
Abbreviated title: eCrime
Country/Territory: United States
Period: 24/09/24 to 26/09/24

Keywords

  • risk metrics
  • cybersecurity
  • management
  • mitigation
  • assessment
