Use Key Risk Indicators to Diagnose IT Security Performance Measures

During yearly checkups, doctors measure a patient’s health by measuring blood pressure, pulse, body temperature and respiration rate. While we as patients may not understand the science behind these measures, we do understand that values outside benchmarks are indicators of health risks. We can easily explain our health to friends and family because they have the same understanding of health measures and risks.

GreySpark enables IT and business managers to track key performance indicators that represent the vital signs of IT security operations. Leveraging existing tools and sensors, GreySpark reports a simple, up-to-date score that is reflective of the IT risk of an organization, thereby enabling the CISO to effectively communicate with business managers and giving analysts a definitive diagnostic path to underlying risk drivers.

5-minute video primer on GreySpark:

The six risk indicators that GreySpark measures are:

  • New Threats – events not seen before.  New types of threats are less likely to be covered by an existing prescription, increasing risk.
  • Defense Effectiveness – recurring defense activity.  Recurring threats signify ineffective defenses, increasing risk.
  • Opportunity Risk  severity of events.  More serious threats and vulnerabilities are more likely to lead to compromise.
  • Technical Debt – volume/velocity/acceleration/severity of events.  The combination increases team backlog and risk.
  • Score History – confidence measure.  Understanding risk requires sufficient data.
  • Surface Area  known devices reporting.  Blind spots and unknown systems increase risk.

GreySpark builds confidence in the overall health of IT security operations and ultimately aids decision makers in assigning priorities within a business context.