Proving Cybersecurity Effectiveness presented at FutureCon Los Angeles 2020

by Brian Contos, Colby Derodeff, Don Wisdom, Mr. Nick Nikols, Marcus Sailler

Summary: How do we measure cybersecurity effectiveness? How do we prove what’s working, what’s not, how to prioritize, where to invest, and where to retire? Most of us base our cybersecurity effectiveness measures not on evidence, but on assumptions. We assume our cybersecurity tools, people, and processes are working. We hope that vendor claims are true and default configurations are right for us. We pray that if something was working yesterday it should be working today, and that infrastructure, cybersecurity, and related changes won’t degrade our controls. Predicated on these assumptions, we communicate our cybersecurity effectiveness state to leadership, which they leverage to make business decisions. We do all of this without the empirical, evidence-based data that other strategic business units use. This panel will focus on current challenges with proving cybersecurity effectiveness, real-life examples, and paths to help you prove cybersecurity effectiveness within your organization.