Expel released a new research report, "Frameworks, Tools and Techniques: The Journey to Operational Security Effectiveness and Maturity" by the SANS Institute.
Commissioned by Expel, the report shares and analyzes research on a range of security operations center (SOC) practices and outlines the current state of the SOC within many organizations, based on in-depth survey findings of IT and cybersecurity professionals from around the world. This research set out to:
- Determine if frameworks are used to define, measure and assess SOC functions and, if so, which framework(s) organizations prefer
- Assess SOC metrics currently in use and the presence of any policies and training, as well as respondents' sentiment regarding efforts to improve cybersecurity
- Capture respondents' self-assessment process for their organization's security program maturity and examine the security program components that contribute to maturity
- Learn if organizations benchmark performance and whether they use KPIs to drive improvements in security processes
"Our research sheds some light on the wide range of frameworks and metrics organizations use, but also shows that respondents have mixed feelings about the maturity of their security programs," said Dave Shackleford, senior instructor at the SANS Institute. "Not enough respondents' organizations have executive-level governance, and too many are missing well-defined training programs. These are important gaps that must be addressed. As security operations mature, we expect to see these areas improve over time, but it will require intentional investment to see impactful results."
Below is a selection of the insights from the SANS Institute's research:
The majority of respondents employ a cybersecurity framework, with the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF) being most popular.
The survey found that 69.4% of respondents currently use a framework to help define and measure policies, processes, and controls, while only 22.1% don't. Almost three-quarters (74%) of respondents that employ a framework use the NIST CSF, almost twice as many as the next three most popular frameworks (ISO 27001, NIST 800-37, and MITRE).
Good news: two-thirds of respondents use metrics to assess and improve security.
Two-thirds of respondents are currently using metrics to assess operational security performance. Just under 22% are not, and another 11.8% aren't sure. The top three metrics collected and measured by respondents include security incidents (74%), vulnerability assessments (58.5%), and intrusion attempts (43.9%).
Organizations can improve their use of IT and security training programs and cyber-readiness exercises.
More than 40% of respondents said they don't have formal IT/security training programs in place. Of those that have training, more than 72% consume materials via video content, 60% use third-party certification exams, 55% get regular emails with educational content, and about 34% reported that they train through a wiki or knowledge center. Upwards of 30% of respondents don't perform cyber-readiness exercises on a routine basis. Those that do perform cyber-readiness exercises rely on penetration tests and tabletop exercises (tied at 73.7% each) along with incident response testing (71.7%). Disaster recovery tests (56.1%) and red/blue/purple team exercises (38.6%) round out the responses.
Read the full report to see data on other SOC trends, like hybrid SOC usage, how respondents view the usefulness of security metrics and key performance indicators (KPIs), and how organizations rate their SOC maturity.
"The research revealed a lot of encouraging information, especially around how respondents are leaning on frameworks to help assess and drive their security programs. These frameworks are some of the most useful tools for driving the effectiveness of security operations," said Greg Notch, Chief Information Security Officer, Expel. "That said, there are certainly a lot of areas for improvement, specifically in terms of preventative measures. SOC teams seem to be making progress, but there's more work to be done to avoid repeating mistakes that have vexed organizations for years."
Download the "Frameworks, Tools and Techniques: The Journey to Operational Security Effectiveness and Maturity" report.