As chief information security officers (CISOs) grapple with a broad range of duties — including cyber risk management, security investigations oversight, incident response, security road mapping, and providing regular updates to the C-suite and the board — the stakes are too high to go without the right tools for the job. That said, a larger arsenal of security tools isn’t always better.

Security leaders should review the set of tools they currently use and ask themselves whether each one truly supports and enables them to be as effective as they need to be. Companies often implement solutions from as many as 70 vendors, according to ZDNet. This raises concerns about the number of third parties accessing your enterprise network and data, as well as how effective all these solutions are as an aggregate.

Why CISOs Are Burdened With a Mountain of Security Tools

CISOs have a habit of implementing more and more security programs over time without decommissioning old ones, according to Intelligent CISO. This makes for a messy situation on the security bridge: We’re surrounded by security tools, and yet drowning in cyber risk. What can we do about it?

Picture the CISO getting to work and launching his or her dashboard. What does this dashboard look like today? Does it show a strategic-level view of the organization, how far along various security initiatives are and whether risks fall within agreed-upon ranges? What about potential causes and future consequences should issues remain unaddressed?

Unfortunately, the CISO today is left managing a bundle of security activities with the equivalent of an abacus instead of a graphing calculator. For decades, the security function has invested in narrow-purpose (if not single-purpose) tools, a trend we must now reverse so that the efficacy of the toolset, not the number of tools, is what counts — but how?

How to Evaluate Your Security Toolbox

Every tool will have its own scope of coverage, pros and cons, dashboard, configuration, and potential customizations for our enterprise. Examining each tool one at a time to decide whether it should stay or go and what should replace it sounds like a massive headache. A better approach is to think about the value that tools should bring to the CISO and the organization. As the Intelligent CISO article put it, each tool should align to your organization’s security framework, reduce risk, and be able to measure and sustain the level of reduction.

The good news is that the past few years have seen a flurry of security investments and mergers and acquisitions (M&A) activity, which has resulted in new tools and partnerships among leading security platforms. That means the new security tool you’re considering might have the ability to integrate with existing tools, thus reducing the number of dashboards to monitor and improving the overall picture of cyber risk. Better yet, some tools leverage artificial intelligence (AI) to make sense of all of the data they have ingested.

Do Your Tools Support Your Security Strategy?

Not all tools are about risk reduction. Some tools won’t impact the confidentiality, integrity or availability of sensitive data at all. We’re talking about tools for setting strategy, reporting the organization’s maturity in its various security processes, and enabling the CISO to track, aggregate and report the levels of cyber risk to which the organization is exposed, their potential impact on business objectives, and how the organization has decided to deal with those risks.

As CISOs find themselves spending more time on the business side of the house, they should review the tools they use to ensure that they’re able to squeeze out as much useful information as possible. That includes having the right ticketing programs (in partnership with the help desk), incident response applications (in partnership with IT), incident escalation channels (in partnership with HR, legal and many more) and risk management tools (in partnership with the legal and compliance functions).

But perhaps one of the most important tools is the one that allows the CISO to think strategically about where the organization is today and where it needs to be tomorrow. This might take the form of a custom-made spreadsheet, a project management tool or a process tracker. Most importantly, such a tool should allow the CISO to assess and reflect on how effectively the organization manages its cyber risks. If a CISO were to fail in his or her ability to look at cyber risks holistically and strategically, that in itself would be a risk to the organization — not to mention the CISO’s tenure there.

The right tools should help the CISO be a more effective security leader and position the cybersecurity function as a partner of the organization. Improving the management of cyber risks means improving the quality of the data we collect, our analysis of threats and their potential impact, and our ability to discuss options for dealing with residual risks while enabling the organization to compete in a global marketplace. Waiting for the one tool that can do it all isn’t an option, but neither is continuing on the path of trying to make sense of as many as 70 security tools.
