Our first attempts at security metrics to measure risk have really fallen short, but we can do something about it, said Mike Lloyd, CTO of RedSeal Networks (@redsealnetworks).
Lloyd argued that measuring your risk is not just good security practice; it can actually be cost-beneficial for the business. By mapping your topology and showing what you have in terms of risk, you can not only get data breach insurance (yes, it exists) but also a discount.
That is one of the first ROIs you can offer a CFO, which is highly desirable. Usual conversations with the CFO are about security being a cost center. Think about how great it could be if you could talk to the CFO about security saving money, said Lloyd.
Similar to how regulation has motivated us to do what we want to do in security, insurance can offer the same type of motivation, argued Lloyd. Insurance is a vital change that all security people need to be thinking about.