
Building Organizational Confidence in Cybersecurity

Recently, Tenable Network Security, with research conducted by CyberEdge Group, announced some surprising results from its annual 2017 Tenable Network Security Global Cybersecurity Assurance Report Card. Tenable surveyed 700 security practitioners from nine countries and seven industry verticals to assess the overall confidence levels of information security professionals in detecting and mitigating organizational cyber risk. The biggest takeaway from the report is the overall confidence score of 70% (a C- grade), a drop of six points from the year before. The drop reflects the frustration IT security professionals face in assessing and mitigating cyber risks across a constantly evolving threat landscape.

Going from impact to solution

Despite the feeling that no amount of defense may ever fully stem the rising tide, moving back into a realm of cybersecurity confidence is possible for most organizations. The key is to bridge the gap between common cybersecurity maturity models and organizational development concepts like Stage Theory.

Stage Theory

Stemming from the health and education industry sectors, Stage Theory is the idea that organizations pass through a series of stages as they change. The integration and growth of cybersecurity within organizations must become part of that evolution. According to Stage Theory, adoption of an innovation follows four steps, and strategies for promoting changes can be matched to points in that process.

The four steps within Stage Theory are:

  1. Develop an awareness of a problem and plan possible solution innovations.
  2. Make a decision to adopt an innovation.
  3. Implement the innovation, which includes redefining it, and modifying organizational structures to accommodate it.
  4. Finally, fully institutionalize the innovation, making it part of the organization's ongoing activities.

Cybersecurity Capability Maturity Model

Cybersecurity maturity models, on the other hand, are a little more tactical and granular than organizational theories. The Cybersecurity Capability Maturity Model (CCMM) provides an introduction to the key activities organizations must implement within their IT security program from the perspective of three main areas: process and analytics, integrated governance, and enabling technology. It also includes three levels of maturity for each activity: limited, progressing or optimizing.

Although the CCMM provides valuable information, actually executing this model takes extensive, pervasive, top-down executive sponsorship and support, as well as an organization willing to commit to the legwork of combining organizational theory with maturity modeling.

Committing to this approach means pairing different leaders, or "change agents," who assume leading roles during different stages, with the establishment and execution of cybersecurity processes, procedures and technologies. It also requires leaders to understand that the strategies their organization uses depend on its stage of change, and on whether the social environment surrounding cybersecurity is supportive or obstructive.

Bridging the gap between security teams and business leaders

Properly committing to this approach can change an organization's philosophy from cybersecurity being something companies begrudgingly do to cybersecurity being part of the culture. This marriage of practices can also move IT security groups out of a relaxed, ad hoc or subservient role and into a centralized and universal function, much like marketing, human resources, operations or finance are today. This approach can also be valuable in positioning CISOs to report directly to the CEO, as opposed to a CISO reporting to one of the CTOs, who in turn reports to a CIO under the COO.

Cybersecurity must become part of the culture

Finally, with this shift in understanding, organizations can move from elementary, disparate or poorly implemented technologies to an enterprise IT security technology architecture capable of producing actionable intelligence, real-time analysis, predictive modeling and stronger cybersecurity confidence. Any organization that does this will find its confidence rising well above C level in the next Tenable Network Security Global Cybersecurity Assurance Report Card, and will have the skills to back up its newfound confidence.
