
Tenable Blog


Building Organizational Confidence in Cybersecurity

Recently, Tenable Network Security, with research conducted by CyberEdge Group, announced some surprising results from its annual 2017 Tenable Network Security Global Cybersecurity Assurance Report Card. Tenable surveyed 700 security practitioners from nine countries and seven industry verticals to assess how confident information security professionals are in their ability to detect and mitigate organizational cyber risk. The biggest takeaway from the report is the overall confidence score of 70% (a C- grade), a drop of six points from the year before. The decline reflects the frustration IT security professionals feel as they try to assess and mitigate cyber risk across a constantly evolving threat landscape.

Going from impact to solution

Despite the feeling that no amount of defense may ever fully stem the rising tide, moving back into a realm of cybersecurity confidence is possible for most organizations. The key is to bridge the gap between common cybersecurity maturity models and organizational development concepts like Stage Theory.

Stage Theory

Stemming from the health and education industry sectors, Stage Theory is the idea that organizations pass through a series of stages as they change. The integration and growth of cybersecurity within organizations must become part of that evolution. According to Stage Theory, adoption of an innovation follows four steps, and strategies for promoting changes can be matched to points in that process.

The four steps within Stage Theory are:

  1. Develop an awareness of a problem and plan possible solution innovations.
  2. Make a decision to adopt an innovation.
  3. Implement the innovation, which includes redefining it, and modifying organizational structures to accommodate it.
  4. Finally, fully institutionalize the innovation, making it part of the organization's ongoing activities.

Cybersecurity Capability Maturity Model

Cybersecurity maturity models, on the other hand, are more tactical and granular than organizational theories. The Cybersecurity Capability Maturity Model (CCMM) introduces the key activities organizations must implement within their IT security program from the perspective of three main areas: process and analytics, integrated governance, and enabling technology. It also defines three levels of maturity for each activity: limited, progressing, or optimizing.

Although the CCMM provides valuable information, actually executing the model requires extensive and consistent top-down executive sponsorship and support, as well as an organization willing to commit to the leg work of combining organizational theory with maturity modeling.

Committing to this approach means pairing different leaders, or "change agents," within the organization with the establishment and execution of cybersecurity processes, procedures and technologies, with each change agent taking the lead during a different stage. It also requires leaders to understand that the strategies their organization uses depend on its current stage of change, and on whether the social environment surrounding cybersecurity is supportive or obstructive.

Bridging the gap between security teams and business leaders

Properly committing to this approach can change an organization's philosophy from treating cybersecurity as something companies begrudgingly do to making cybersecurity part of the culture. This marriage of practices can also move IT security groups out of a relaxed, ad-hoc or subservient role and into a centralized, enterprise-wide function, much like marketing, human resources, operations or finance is today. It can also position the CISO to report directly to the CEO, rather than reporting to one of the CTOs, who in turn reports to a CIO under the COO.

Cybersecurity must become part of the culture

Finally, with this shift in understanding, organizations can move from elementary, disparate or poorly implemented technologies to an enterprise IT security technology architecture capable of producing actionable intelligence, real-time analysis, predictive modeling and stronger cybersecurity confidence. Any organization that does this will find its confidence rising well above a C grade in the next Tenable Network Security Global Cybersecurity Assurance Report Card, and will have the skills to back up that newfound confidence.
