Security: How do you score?

used with permission from HP Technology at Work

We’ve all heard it time and again: You can’t manage what you can’t measure—and it’s especially true for enterprise security. If you’re like most organizations, your security posture can use some improvement, as HP Enterprise Security affirmed in its State of Security Operations report that found:

  • Nearly a quarter of assessed security operations centers do not meet the minimum requirements to provide consistent security monitoring.
  • Only 30 percent of assessed organizations are meeting business goals and compliance requirements.

Those numbers are especially worrisome in light of further findings in the report—since 2010, the cost of data breaches has ballooned 78 percent, and the time it takes to resolve a cyber-attack has increased 130 percent. The report, based on more than 90 assessments of 69 security operations organizations worldwide, surmises that “there is a clear need for improvement in the effectiveness of security operations to limit the impacts and speed the resolution of such events.”

The report is not all doom and gloom, as it includes a new scale that enterprises can use to assess and measure their level of security maturity. HP’s Security Operations Maturity Model (SOMM) focuses on a successful, mature security intelligence and monitoring capability based on variables such as people, process, technology, and supporting business functions. The scale is a modification of the Capability Maturity Model for Integration (CMMI), a process improvement program that provides organizations with the elements of effective processes, developed by members of industry, government and the Carnegie Mellon Software Engineering Institute (SEI).

The SOMM uses a 0-5 scale similar to the CMMI model, with a zero representing a complete lack of capability and 5 representing a capability that is consistent, repeatable, documented, measured, tracked, and continually improved upon.

SOMM levels—how does your enterprise score?

Answer the following questions to get a rough idea of where your business falls on the Security Operations Maturity Model spectrum.

The report explains that even organizations lacking a formal threat monitoring team typically score “between a level 0 and level 1, because even an organization with no formal full-time equivalent (FTE) or team performs some monitoring functions in an ad-hoc manner.” As a rule, an organization with a team focused on threat detection scores between a 2 and 3. The world’s most advanced security operations centers (of which there are very few) typically receive an overall score between a level 3 and level 4.

| Question | If “yes”, you’re at level: |
| --- | --- |
| Does your enterprise lack security operational elements? | 0 – incomplete |
| Are the bare minimum requirements to provide security monitoring met—but nothing is documented and actions are ad hoc? | 1 – initial |
| Are business goals met? Are operational tasks documented, repeatable, and can they be performed by any staff member? Are compliance requirements met? Are processes defined or modified reactively? | 2 – managed |
| Would you characterize your security operations as well-defined, subjectively evaluated, and flexible? Are processes defined or modified proactively? | 3 – defined |
| Are your security operations quantitatively evaluated, reviewed consistently, and proactively improved utilizing business and performance metrics to drive the improvements? | 4 – measured |
| Have you implemented an operational improvement program to track any deficiencies and ensure that all lessons learned continually drive improvement? | 5 – optimizing |

Surprisingly, the optimal score for a modern enterprise is not level 5, but level 3 (defined), as it relies on a complementary mixture of agility for some processes and high maturity for others. Managed security service providers (MSSPs) should aim for a maturity level of 4 (measured) so they achieve consistency in operations and better avoid potential penalties incurred for missed service commitments. Beyond that, HP cautions against aspiring to level 5 (optimizing): “overly mature operations result in stagnation and rigidity that results in a low level of effectiveness. Processes are rigid and less flexible and significant overhead is required to manage and maintain this maturity level, outweighing the benefits achieved.”

To learn more about the HP Security Operations Maturity Model and getting a detailed assessment for your enterprise, go to the HP Security Intelligence and Operations Consulting overview.

Bryan Antepara
