I’ve been talking with a lot of companies lately about what is on their infosec dashboard, and I’ve noticed a strong shift away from granular, “security geek” content to more business-focused content. I saw a lot of this in the Compliance world, since audit committees wanted to know how their companies were doing against SOX-404 objectives and things like that, but not as much on the security side of things.
One of the efforts I’m engaged in right now is collecting data on what infosec managers, directors, and CISO’s are doing to help the rest of the business understand the value of their infosec investments. In addition to talking with a lot of people, I’ve begun collecting samples of dashboards and reports (sanitized using mock or obfuscated data, but intact as samples). This has been a huge help in understanding how to better serve this growing need in our security world.
If you have any good samples you can share (particularly effective ones), I’d love to see them. If you want to email them to me, you can do so at “dmelancon at tripwire.com,” and if you want to encrypt the message here is a link to my public key. Please include [Dashboard] in the subject line to help me organize them.
If you prefer, you can share your thoughts on this topic using the Comments function below, or you can join the discussion about dashboards that I’ve started on Quora (you’ll need to create a free account to add any comments).
Whichever method you choose, I’d love to hear more from you on this topic if you have proven practices to share.