Of all the considerations that go into ensuring a robust cybersecurity posture, there are five universal metrics that state and local government enterprises should keep on top of, according to David Damato, chief security officer at Tanium.
Damato speaks from experience. Having led teams that provided incident response and post-breach remediation efforts at more than 100 Fortune 500 companies, Damato noticed recurring trends that he shared in a podcast interview with StateScoop. Today, Damato provides strategic product direction over module development for the Tanium Platform and manages the company's internal security program.
Failure to implement the fundamentals of cybersecurity hygiene (some 20 recommended controls advocated by the Center for Internet Security and the SANS Institute) is the root cause of most breaches, Damato said.
Recognizing that state CIOs and IT leaders face perennial budget constraints, Damato offered five tips to IT leaders who want to make faster headway. The tips amount to five critical metrics that state IT leaders should monitor closely. They include:
1. The ratio of managed to unmanaged assets
2. The mean time to patch critical vulnerabilities
3. The mean time to remediate an incident
4. The percentage of systems that meet compliance standards
5. The percentage of users who fail selected social engineering tests
This article and podcast were produced by FedScoop for, and sponsored by, Tanium.