Trustwave: 7 Experts on Security Maturity

The book includes insights from the following experts:

• David Billeter, CA Technologies, Chief Information Security Officer, Aligning Business & Security Culture is Critical >>
• Daniel Schatz, Perform Group, CISO,  Benchmark Your Practice Against a Security Framework >>
• Dave Ruedger,  RMS, CISO, Start with a Baseline and Validate as You Go >>

When it comes to cybersecurity, how do you know your organization is doing enough to protect itself? One way is to fall victim to an attack and decide after the fact that you weren’t doing enough. That works, but there is a better way. You can assess the maturity of your security practice and then decide if it is appropriate for your business.

But how do you think about, measure, improve and communicate the state of your security maturity?  With threats coming from every direction and non-technical people, such as business managers, playing a more prominent role in security planning, this is especially challenging. To learn how companies manage their security maturity, and with generous support from Trustwave, we asked seven security experts the following question:  

What advice would you give on how to improve the maturity of a business’s security practice?

This is an interesting collection of essays because the experts approach the question from the perspectives of their businesses. One expert stresses the importance of starting with your deployment pipeline, while another recommends benchmarking to a security framework. All the experts agree that security maturity must be discussed and measured in a business context, because ultimately it deals with business risk.

I find these essays provide refreshing perspectives on a challenging issue every organization faces today. I hope you agree.