Evidence-Based Security

Book description

The business world faces an interesting paradox: although companies spend more money than ever on security solutions and protective technologies, breaches and other attacks continue to escalate. This raises the question: are we, as an industry, doing something wrong? With the increase in targeted cyberattacks, rising risk levels, and high-impact consequences, it's more important than ever to be able to answer that question.

In this report, Christopher Frenz and Jonathan Reiber show CISOs, security directors, and security managers how to transform security from an art form to a science, with evidence-based solutions leading the way. You'll learn how to operationalize the MITRE ATT&CK framework and enable your team to produce actionable results and meaningful metrics, and measurably improve your security posture.

With this report, you'll learn:

  • Why more security doesn't always provide more protection, and why compliance alone cannot guarantee security
  • Ways to justify security spend through proven results
  • How to use an evidence-based security framework, mapping TTPs with the MITRE ATT&CK knowledge base
  • The advantages of automating breach and attack simulations, especially as a tool for continuous validation
  • Evidence-based security metrics that matter, including actionable KPIs for different stakeholders in your organization

About the authors:

Christopher Frenz is the associate vice president of IT security for Mount Sinai South Nassau.

Jonathan Reiber is vice president for cybersecurity strategy and policy at the cybersecurity startup AttackIQ.

Product information

  • Title: Evidence-Based Security
  • Author(s): Christopher Frenz, Jonathan Reiber
  • Release date: May 2023
  • Publisher(s): O'Reilly Media, Inc.
  • ISBN: 9781098148935