To celebrate Cyber Awareness Month, we’re releasing a series of posts outlining ways Cybersecurity Performance Management (CPM)TM can help you improve your cyber performance, reduce risk, and increase cyber ROI—all through the lens of the NIST Cybersecurity Framework (CSF). Last week, we talked about the “Detect” Security Function, which you can find here.
We’ll take you from the basics of CPM through to advanced practices with a weekly series of blogs posts that chronical how CPM helps your organization align itself with each of the CSF’s Security Functions to help you take actionable steps toward securing your digital future. We’ll be posting throughout the month, so make sure you’re following on LinkedIn and X to get the latest.
Cybersecurity Performance Management (CPM)
If you are new to CPM, we encourage you to check out a more in-depth blog here, where we break down what CPM is and how it fits into your organization.
If you don’t have time for the deeper dive, don’t worry, we’ll keep it quick. What you need to know is that CPM is the framework for effective cybersecurity and resiliency tied to your organization’s strategic cyber objectives; measuring meaningful performance metrics (defined as Cybersecurity Performance Indicators (CPIs)) – over time.
As it relates to the Framework as a whole, think of CPM as a way to supercharge how your organization aligns and benefits from implementing CSF. CPM works across functions to facilitate the visibility needed for governance and risk management. By integrating CPM practices, organizations can enhance their cybersecurity posture, align security goals with the needs of the business, and proactively protect their systems, data, and assets.
NIST CSF “Respond” Function
The fourth security function and the focus of today’s post, “Respond”, supports an organization’s ability to respond to security events in real time. While it’s important for businesses to be proactive in mitigating cyber risk, they also need to make sure they’re able to react when the situation calls for it. Having an effective incident response process in place is critical in mitigating the fallout of potential cybersecurity incidents, because it can be the difference between a quick restoration of services and a prolonged outage that costs millions. The “Respond” security function spans across several domains, including response planning, crisis communication, incident analysis, incident containment, and continuous improvement in wake of cyber incidents.
How CPM Enhances Cybersecurity Controls in the Respond Function
Cybersecurity Performance Management is a vital component in addressing cybersecurity controls within the Respond Security Function of the NIST CSF. CPM establishes clear performance metrics and cybersecurity performance indicators (CPIs) to measure the effectiveness of cybersecurity controls, which in this case helps support current and future organizational cybersecurity policy, processes, and increased visibility into business risk. These metrics provide organizations with insights into their security posture and help identify areas that require improvement. Example CPIs your organization may consider are:
- Mean time to respond (MTTR) to understand how well your team are reacting to potential security incidents,
- Age of oldest Critical vulnerability to better identify how quickly your team is identifying and remediating critical vulnerabilities, and
- Days since last tabletop exercise to ensure that security teams and business leadership know their roles, responsibilities, and expectations during a security incident.
We have lots of similar key metrics in our CPM automation platform CnSight. We have found that it can be difficult, ineffective, and costly for organizations to manage cyber metrics in spreadsheets or manual workflows, so we created CnSight to help organizations get started on their CPM journey. We want to make sure that CPM is an approachable avenue to a new way of approaching and understanding cybersecurity risk, and that is a much more manageable task when you utilize automation to simplify the process.
In closing–CPM is the first big step in supercharging your NIST CSF compliance. For more reading on CPM, and to learn about how CPM intertwines with the principles of Zero Trust Architecture (ZTA), check out our recent nSight Report: Are We There Yet? From Zero, to Zero Trust. In the report, we discuss in more detail how CPM and zero trust work together to effectively implement zero trust principles in a way that doesn’t leave either the business or security teams wanting.