
Using ‘Embrace Cybersecurity’ to check on security progress

In previous blog posts (Business and IT aligned with Cybersecurity and Baselining Cybersecurity), I introduced our ‘Embrace Cybersecurity’ (EC) model for gathering security requirements that can be used to create an information security policy.

Using this method also makes it easy to follow up on progress. We can do this by creating the right KPIs, which we define from the question ‘How do we meet the goals we chose to aim for?’. In the EC model this is represented by the ‘Keyword’ cards.

The Toreon security expert drills down on the chosen keyword to define the right metrics. These metrics become the KPIs to measure the security controls put in place.

However, reporting is not enough. The output of the EC model needs to be translated into the right management practices. How this is done will be discussed in another blog post.

During the adoption of the information security policy, you might come across a misalignment between what the business and IT want as goals. Another blog post will detail how to identify this misalignment and how to get everyone on the same page.

This is key for a functional information security policy.
