To celebrate Cyber Awareness Month, we’re releasing a series of posts outlining ways Cybersecurity Performance Management (CPM)TM can help you improve your cyber performance, reduce risk, and increase cyber ROI—all through the lens of the NIST Cybersecurity Framework (CSF). Last week, we talked about the “Recover” Security Function, which you can find here.
We’ll take you from the basics of CPM through to advanced practices with a weekly series of blog posts that chronical how CPM helps your organization align itself with each of the CSF’s Security Functions to help you take actionable steps toward securing your digital future. We’ll be posting throughout the month, so make sure you’re following on LinkedIn and X to get the latest.
Cybersecurity Performance Management (CPM)
If you are new to CPM, we encourage you to check out a more in-depth blog here, where we break down what CPM is and how it fits into your organization.
But if you’re in a rush, no problem. What you need to know is that CPM is the framework for effective cybersecurity and resiliency tied to your organization’s strategic cyber objectives; measuring meaningful performance metrics (defined as Cybersecurity Performance Indicators (CPIs)) – over time.
As it relates to the Framework as a whole, think of CPM as a way to supercharge how your organization aligns and benefits from implementing CSF. CPM works across functions to facilitate the visibility needed for governance and risk management. By integrating CPM practices, organizations can enhance their cybersecurity posture, align security goals with the needs of the business, and proactively protect their systems, data, and assets.
NIST CSF “Recover” Function
The fifth security function and the focus of today’s post, “Recover”, is what lays the groundwork for businesses to effectively execute recovery plans that help mitigate losses after a security incident has been confirmed and contained. Effective recovery planning is baked in for a lot of businesses in the form of disaster recovery plans, but many low cyber maturity organizations don’t have such a formalized recovery process for cyber incidents. Having a tried-and-true recovery process in place, which has been tested and continuously developed internally, can make the difference between a quick restoration of services and a prolonged outage that costs millions. From a controls perspective the “Recover” security function is much more slim than the other security functions, but it does include the recovery planning process, security incident post-mortems that feed process improvements, and public communication strategies.
How CPM Enhances Cybersecurity Controls in the Recover Function
Cybersecurity Performance Management is a vital component in addressing cybersecurity controls within the Respond Security Function of the NIST CSF. CPM establishes clear performance metrics and cybersecurity performance indicators (CPIs) to measure the effectiveness of cybersecurity controls, which in this case helps support current and future organizational cybersecurity policy, processes, and increased visibility into business risk. These metrics provide organizations with insights into their security posture and help identify areas that require improvement. Example CPIs your organization may consider are:
- Mean time to respond (MTTR) to understand how well your team are reacting to potential security incidents,
- Age of oldest Critical vulnerability to better identify how quickly your team is identifying and remediating critical vulnerabilities, and
- Days since last tabletop exercise to ensure that security teams and business leadership know their roles, responsibilities, and expectations during a security incident.
We have all of these key metrics and dozens more in our CPM automation platform CnSight. We have found that it can be difficult, ineffective, and costly for organizations to manage cyber metrics in spreadsheets or manual workflows, so we created CnSight to help organizations get started on their CPM journey. We want to make sure that CPM is an approachable avenue to a new way of approaching and understanding cybersecurity risk, and that is a much more manageable task when you utilize automation to simplify the process.
In closing–CPM is the first big step in supercharging your NIST CSF compliance. For more reading on CPM, and to learn about how CPM intertwines with the principles of Zero Trust Architecture (ZTA), check out our recent nSight Report: Are We There Yet? From Zero, to Zero Trust. In the report, we discuss in more detail how CPM and zero trust work together to effectively implement zero trust principles in a way that doesn’t leave either the business or security teams wanting.