Crossing a suspension bridge depends on the pillars that anchor it: the cables that carry the roadway are measured out from those foundations. An effective security management program is built the same way. It is a bridge that connects the business objectives of executive management with the performance of security controls at the operational level.

Cybersecurity managers, from the executive level down to the security operations managers, struggle to secure their organizations with a viable security program. Industry reports list the main concerns as a lack of communication, insufficient funding, low trust at the executive leadership level, and inadequate governance (Deloitte, 2015).

If the adage “we cannot manage what we do not measure” holds, then we cannot manage security without the correct measurements. Knowing the role of each security control, how to measure it, and how to report on the results is essential to a successful security program.

The Enterprise Security Profile Model (ESPM) improves a security program by connecting the five security functions of the NIST Cybersecurity Framework to a process that produces a quantifiable security profile score. The ESPM has three components: Mapping, Measurements, and Metrics.

The result is the ability to connect the organization's security risks and its security program with its policies, procedures, standards, and guidelines. Because the program runs as a cycle, each iteration improves both the security posture and the security profile score.

Browse through the components of the ESPM and download the current version.
Contact Verity Security, LLC for integration and use of the ESPM to improve security governance.

FREE Consultation Available
Schedule a convenient time for a free consultation on how to utilize the Enterprise Security Profile Model.