Real-Time Security Metrics: Insights Every Risk Management Team Should Monitor
This blog was originally published by OneTrust GRC here.
There is one thing that businesses of all sizes, industries, and sectors have in common – they face a wide range of risk management threats. Specifically, retail, finance, hospitality, government, manufacturing, and healthcare industries face unique security challenges that are best monitored in real-time, through strategic system integrations. Having “purposeful data aggregation and cyber-risk quantification” is an emerging trend that Gartner defined in their 2020 IT Risk Management Critical Capabilities report.
Also in the report, Gartner emphasizes the importance of integrations, with a capability category for both basic and advanced integrations. With the number of data points across security tools, developing a roadmap to feed insights into your broader risk management strategy can be overwhelming.
So, what security metrics should businesses monitor? In this blog, we outline three different key risk insights that businesses should be monitoring in real-time from the information security perspective. We’ll share examples of how appropriately monitored risk can save your business from a security incident:
1. Synchronize Risk Updates
Risk exposure is a key security metric that businesses should monitor. To do so, synchronize risk updates across various security applications or lines of business to gain insight into your business’ vulnerabilities.
For example, a control monitoring tool (i.e., threat and vulnerability management application) may detect an unpatched server. In this instance, the server houses personal information pertaining to your customer base. Because of the vulnerability and the nature of the data, it’s critical that any issues associated with this are resolved immediately. With an integrated solution, you can trigger system updates to be shared across related applications. By communicating back the updated severity score on the asset vulnerability, all stakeholders are informed of the latest pertinent information. If this security metric is not monitored appropriately, you face a variety of different risks like getting locked out of your server and being forced to pay a ransom.
2. Measure Response Performance
Having insight into your security information and event management (SIEM) or security orchestration, automation, and response (SOAR) tools can deliver key insights into your program performance. Security metrics such as your mean time to detect and mean time to respond to an incident are key indicators that may impact how you triage and prioritize risk. These insights help GRC professionals determine how to best identify gaps in your business and give you a head start on areas where your team needs to improve.
For example, one of your employees had their computer stolen from their car. Thankfully, the employee notified the IT department as soon as they recognized it was stolen and the company was able to shut down the computer virtually. The time to respond to this incident was less than 8 hours, and because of this, no sensitive information was accessed. Understanding security metrics like how different incidents and security events are resolved can help you improve broader-scale initiatives. For instance, if a particular risk is a high priority and difficult to control (i.e., ransomware), you may want to consider monitoring additional metrics to offset exposure.
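As an added illustration (not code from the original post or from any product it mentions), the sketch below computes mean time to detect and mean time to respond per incident category and flags categories that need closer monitoring. The record fields, the sample incidents, and the use of 8 hours as a response target are all assumptions constructed for this example.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample records (not real data). Field names are assumptions:
# occurred = when the event began, detected = first alert or report,
# responded = when containment finished (None while the incident is open).
INCIDENTS = [
    {"id": "INC-1", "category": "lost_device", "occurred": "2021-03-01T08:00",
     "detected": "2021-03-01T09:30", "responded": "2021-03-01T15:30"},
    {"id": "INC-2", "category": "lost_device", "occurred": "2021-03-04T18:00",
     "detected": "2021-03-04T20:30", "responded": "2021-03-05T00:30"},
    {"id": "INC-3", "category": "ransomware", "occurred": "2021-03-10T02:00",
     "detected": "2021-03-10T14:00", "responded": "2021-03-11T20:00"},
    {"id": "INC-4", "category": "ransomware", "occurred": "2021-03-12T01:00",
     "detected": "2021-03-12T07:00", "responded": None},
]

def _hours(start, end):
    delta = datetime.fromisoformat(end) - datetime.fromisoformat(start)
    return delta.total_seconds() / 3600

def response_metrics(incidents, target_hours=8.0):
    """Return {category: {"mttd_h", "mttr_h", "open", "breach"}}."""
    detect, respond, open_count = defaultdict(list), defaultdict(list), defaultdict(int)
    for inc in incidents:
        cat = inc["category"]
        to_detect = _hours(inc["occurred"], inc["detected"])
        if to_detect < 0:
            raise ValueError(f"{inc['id']}: detected before occurred")
        detect[cat].append(to_detect)
        if inc["responded"] is None:
            open_count[cat] += 1  # open incidents are counted, never averaged
        else:
            respond[cat].append(_hours(inc["detected"], inc["responded"]))
    out = {}
    for cat in detect:
        mttd = sum(detect[cat]) / len(detect[cat])
        mttr = sum(respond[cat]) / len(respond[cat]) if respond[cat] else None
        # A category breaches when its mean response exceeds the target
        # or when any of its incidents is still unresolved.
        breach = mttr is None or mttr > target_hours or open_count[cat] > 0
        out[cat] = {"mttd_h": mttd, "mttr_h": mttr, "open": open_count[cat], "breach": breach}
    return out

if __name__ == "__main__":
    for category, metrics in response_metrics(INCIDENTS).items():
        print(category, metrics)
```

Open incidents are excluded from the mean so that an unresolved case cannot make response time look better than it is; they surface through the `open` count and the `breach` flag instead.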
3. Identify Shadow IT
Shadow IT is one of the most worrisome problems for businesses in today’s world of new regulations, increasing reliance on digital technology, and the expanding scope of operations both physically and contextually. Essentially, unapproved business applications may be helpful for end users, but businesses can’t effectively manage something that they don’t even know exists. As a result, shadow IT is a consistent security metric blind spot for risk and security managers.
By integrating across your technology stack with systems like a cloud access security broker (CASB) and a configuration management database (CMDB), you can flag and identify security metrics that were previously unknown to GRC professionals. Connecting with the right systems to maintain the most up-to-date asset register is an essential component of combatting shadow IT.
Security incidents happen, but if your organization monitors these security metrics in real-time, you’ll have a better insight into your key risks.
Get additional information on using risk metrics, collecting risk insights, and improving risk quantification in our webinar, Risk Clarification: Eliminate Your Fears and Doubts About Risk Quantification.