How Balanced is Your Cybersecurity Portfolio?

The National Institute of Standards and Technology (NIST) recommends that all companies spread their cybersecurity spending across 5 key functions: identification, detection, protection, response, and recovery. Balanced spending across these 5 areas indicates a strong and healthy cybersecurity portfolio.

But any company that misses just 1 of the 5 functions is left with an unbalanced cybersecurity portfolio. This contributes to gaping holes in cyber risk coverage, expensive and persistent security problems, and reduced productivity across the enterprise.

Think about a typical small business. It might have 1 IT person in charge of managing a wide variety of cybersecurity threats. If this small operation can detect and identify risks, but can’t respond to them, that’s a huge problem. The IT manager is aware of a vulnerability but doesn’t have the time or resources to address it.

Stave Cybersecurity Manager helps companies balance their cybersecurity portfolio by taking a comprehensive, proactive approach. Let’s look at how Cybersecurity Manager can help you achieve this balance.

Risk Management and Governance

Under NIST’s 5-function system, risk management and governance fall into the “identification” category. These tasks are of critical importance because they allow your company to understand the specific threats it faces and address them in an organized way.

Dan Woods, a cybersecurity writer for Forbes, suggests thinking of enterprise security as the anatomy of the human body. Risk management (identification) is the brains of the operation. It’s the analytical part that understands what the eyes (detection) see. Without the brain, the eyes - and the rest of the body - can’t function.

Cybersecurity Manager gives the brain a neural network. It provides all the pathways you need to keep your organization smart and functional as you address day-to-day cybersecurity tasks.

Resolving Persistent and Costly Problems

When your cybersecurity portfolio is in balance, it’s easier to uncover persistent problems and halt their drain on company resources. And on the flip side, a company with an unbalanced portfolio will see the same problems crop up again and again.

For example, let’s say a company frequently forgets to cut off systems access to salespeople who quit or are terminated. This results in former salespeople continuing to access the sales database long after they’re gone, snooping on new leads or new contracts. The sales department is constantly being undercut by these employees-turned-competitors.

The cause behind this persistent problem can be as simple as this: You have two IT employees, and each thinks the other will take care of removing former employees’ access. It’s a response issue. The duo is very busy, and this task gets lost in the shuffle. How can you stop this problem for good?

Cybersecurity Manager ends this kind of confusion through the use of Security Technical Implementation Guides (STIGs). They work as a cybersecurity methodology for standardizing security protocols. They not only lay out what should be done, but also precisely who should be doing it and any deadline for getting it done.

This means you don’t need yet another app or subscription service merely to send reminders of important tasks. STIGs and reminders are built right into Cybersecurity Manager.

Reevaluating and Readjusting

Over time, a company needs to keep its security portfolio healthy by reevaluating its needs, adjusting its expenditures, and addressing any imbalances. Here’s how Dan Woods from Forbes puts it:

“In many ways, your security portfolio is like a financial investment portfolio. As most investment advisors will tell you, the wisest course of action is to have a diversified portfolio that doesn’t put too many resources in any one investment or industry. Just as you wouldn’t want your retirement savings to be wiped out if healthcare stocks tanked, you don’t want to put all your security spend into just protect and detect, while ignoring response and recovery.”

Take time to look back on your recent cybersecurity challenges and learn from them. Have you successfully identified vulnerabilities, only to take weeks or months to address them? Red flag: That’s an imbalance.

Cybersecurity Manager has a proven track record of taking remediation timeframes from months to hours. It allows you to complete remediation tasks 70% faster by addressing all 5 functions of the NIST approach in a methodical way: identification, detection, protection, response, and recovery.

Cybersecurity Manager: A Comprehensive Portfolio Solution

Here’s the bottom line: Cybersecurity isn’t just about preventing the biggest worst-case scenarios. It’s about doing the daily work of balancing your cybersecurity portfolio. Minimize all the small risks across your entire enterprise, so they never have the chance to become catastrophes.

To learn more about how Cybersecurity Manager could help you manage your portfolio, connect with Stave, watch this short video, or go try it out in the ServiceNow Store.