A cybersecurity dashboard is a graphical user interface that displays real-time data about the security of an organization’s network and systems. It typically includes a collection of metrics, charts, and other visualizations that provide a high-level view of an organization’s cybersecurity posture. The dashboard may include information about the number of attacks, the types of attacks, the systems that were targeted, and the success or failure of those attacks. Some dashboards may also include alerts or notifications about potential security incidents or vulnerabilities. The purpose of a cybersecurity dashboard is to give security analysts and other stakeholders a quick and easy way to monitor the security of their network and systems and to take action if necessary.
Security-specific tech solutions often display data that is very technical and doesn’t provide a complete picture of risk. This can be challenging for less-technically skilled individuals on the board and in the C-suite who are responsible for cybersecurity oversight. To help these individuals better understand and communicate cyber risks, it can be useful to provide more straightforward, aggregated information that is easy for everyone to understand.
We have compiled a list of cyber risk KPIs under a few categories that can be integrated into a dashboard for any member of an organization who wants to become more aware of cyber risk. These metrics come from a variety of sources and cover a range of risks, including technical issues, security diligence, and human behavior.
1. Security Posture rating/Benchmark
Security posture refers to the overall level of security protection that an organization has in place to defend against potential threats and vulnerabilities. It is good practice to compare your security posture with that of your industry and identify gaps.
To achieve this, you could summarize the issues discovered in the categories below or ask a third-party service to provide a benchmark report.
For comparison, you could also outline a few notable security incidents/vulnerabilities in your industry.
2. Assets
Show the list of assets that are under your coverage. For example, the number of
- Devices
- Mobile devices
- Employees
- Cloud instances
- Email inboxes
- IPs
- Applications
- Third-party vendors
- etc.
This data can be scattered across different places such as the cloud, vulnerability and asset management platforms, attack surface management platforms, etc. You can pull it from these siloed tools.
It is worth outlining a few gaps in visibility here, such as:
- Percentage of devices/assets that are not monitored or scanned for vulnerabilities
3. Incident & Detection & Response
Show the metrics related to security operations.
- Number of real incidents
- Number of detections/day (break them by severity level)
- Mean time to detect
- Mean time to respond
- Mean time to resolve
- Cases left open
- Top detection type
- Detection gaps in the MITRE ATT&CK framework
- Time that monitoring was stopped due to system failure
You may also want to highlight a few notable incidents and the top users/machines that have the most issues. Be prepared with metrics along a timeline so that you can reveal trends and needs and guide planning.
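The following Python example is added here and is not from the original article. It computes several of the metrics listed above (counts by severity, mean time to detect, respond and resolve, cases left open, top detection type) from incident records and buckets them by detection month to show the trend. The record fields and sample incidents are constructed, and measuring response and resolution time from the detection timestamp is an assumption.

```python
from collections import Counter, defaultdict
from datetime import datetime
from statistics import mean

# Constructed sample export; the field names are assumptions, not a real tool's schema.
INCIDENTS = [
    {"severity": "high", "type": "phishing", "occurred": "2024-03-01T08:00",
     "detected": "2024-03-01T12:00", "responded": "2024-03-01T13:00", "resolved": "2024-03-02T12:00"},
    {"severity": "medium", "type": "malware", "occurred": "2024-03-10T00:00",
     "detected": "2024-03-10T08:00", "responded": "2024-03-10T11:00", "resolved": "2024-03-10T20:00"},
    {"severity": "high", "type": "phishing", "occurred": "2024-04-05T09:00",
     "detected": "2024-04-05T11:00", "responded": "2024-04-05T12:00", "resolved": "2024-04-05T17:00"},
    # Still open: no resolution timestamp yet.
    {"severity": "low", "type": "phishing", "occurred": "2024-04-20T14:00",
     "detected": "2024-04-20T16:00", "responded": "2024-04-20T17:00", "resolved": None},
]

def mean_hours(records, start_key, end_key):
    """Mean elapsed hours between two timestamps, skipping records missing either one."""
    spans = [
        (datetime.fromisoformat(r[end_key])
         - datetime.fromisoformat(r[start_key])).total_seconds() / 3600
        for r in records if r.get(start_key) and r.get(end_key)
    ]
    return round(mean(spans), 2) if spans else None

def soc_metrics(records):
    """Incident, detection and response metrics for one set of records."""
    top = Counter(r["type"] for r in records).most_common(1)
    return {
        "incidents": len(records),
        "by_severity": dict(Counter(r["severity"] for r in records)),
        "mean_time_to_detect_h": mean_hours(records, "occurred", "detected"),
        "mean_time_to_respond_h": mean_hours(records, "detected", "responded"),
        "mean_time_to_resolve_h": mean_hours(records, "detected", "resolved"),
        "cases_left_open": sum(1 for r in records if not r.get("resolved")),
        "top_detection_type": top[0][0] if top else None,
    }

def monthly_trend(records):
    """The same metrics bucketed by detection month (YYYY-MM) to show the trend."""
    buckets = defaultdict(list)
    for r in records:
        buckets[r["detected"][:7]].append(r)
    return {month: soc_metrics(rs) for month, rs in sorted(buckets.items())}

if __name__ == "__main__":
    print(soc_metrics(INCIDENTS))
    for month, m in monthly_trend(INCIDENTS).items():
        print(month, m["mean_time_to_detect_h"], m["cases_left_open"])
```

Open cases are excluded from the mean time to resolve rather than counted as zero, so an unresolved backlog does not make the average look better than it is.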
4. Vulnerabilities
It is worth showing the number of vulnerabilities in your environment and how you handle them.
- Number of vulnerabilities
- Number of Patches
- Mean time to Patch
5. Compliance & Audit
Compliance and audit are an important part as well. Show a list of things such as:
- Type of compliance
- How many audits have been finished?
- How many audits are left?
It is also worth adding a few specific controls addressing threats such as ransomware:
- What percentage of devices are backed up frequently
6. Security Training
Security training takes a lot of resources. Outline metrics related to security training:
- How many phishing tests and what’s the average click rate?
- What is the security awareness training completion rate?
These data can be pulled from the security awareness training platform.
7. Cost & Value
Keep cost and value in your monitoring/reporting when needed.
Regarding cost, there are two parts.
- Labor Cost
  - Analyst performance
  - Time taken to investigate each incident
- Technology Cost
  - If an incident happened, what extra technology/service you used to mitigate it
Regarding Value, focus on $ saved/loss prevented.
How do you do that? Here are two things you can leverage:
- Past Incidents
- Reporting from other orgs, news
Here are a few examples of implied values: Loss Prevention
- Incidents that were escalated to legal counsel, law enforcement
- Incidents handled that clobbered competitors
- The direct value of IP caught in exfil
- Value of systems not being bricked by an EFI bootkit
Internal Metrics vs External Metrics
The type of security dashboard will vary depending on the intended audience. For presentations to external stakeholders, it is important to create a dashboard that focuses on cost-value-risk and is able to clearly demonstrate the value of the security measures being taken. On the other hand, for internal team management, the dashboard should focus on metrics such as coverage, analyst performance, and alert quality.
Additional Notes:
Extract Insights from Unstructured data
To efficiently identify the root causes behind your security metrics, consider using a word cloud to analyze the comments data in your software. This will not only highlight the reasons behind the numbers but also demonstrate the effort your team has put into improving security.
Automation:
Note that the metrics change dynamically, so it is worth automating them, or at least partially automating them.