Discover Your Security Profile
Informative security metrics presented vertically from operations to executives
Understanding security horizontally from one business unit to another
Traveling from one side of a suspension bridge to the other requires a pillar to provide a foundation from which extends the measured cables that sustain the platform. A simile for developing an effective security management program is a bridge that connects executive management business objectives with the performance of security controls at the operational level.
If the adage of “we cannot manage what we do not measure” is true then we cannot manage security without the correct measurements. Knowing the role of the security controls, how to measure them, and to report on the results is essential to a successful security program.
The Enterprise Security Profile Model (ESPM) improves a security program by connecting the five security functions in the NIST Cybersecurity Framework to a process that produces a quantifiable security profile score. There are three components of the ESPM: Mapping, Measurements and Metrics.
The mapping in the ESPM provides an organization with a high-level perspective of controls while at the same time delivering applicable security controls at the operational level. Security control mapping stands as a pillar on a central framework foundation.
A layered approach to measurements provides a lower cost, continuous assessment. As a part of the measurement process, controls correlated with auditors, engineers, analysts and management provide input into the Enterprise Security Profile Model (ESPM).
The security profile score provides an overall view of the organization based upon the evaluation of each environment. The ESPM metrics tell the cyber security risk story and are broken down into greater detail as it is presented to each level of management.
The result is the ability to connect the organizational security risks and the security program with policies, procedures, standards and guidelines. The cyclical events of the program improve the security posture and security profile with each iteration.
Browse through the components of the ESPM and download the current version.
Contact Verity Security, LLC for integration and use of the ESPM to improve security governance.