I kickstarted 2019 with a “dry,” keto January. And, as so often happens, I found a parallel between my personal life and my chosen industry, cybersecurity. In this case, it was measurement. How do you know if you’re healthy? There are clear indicators when you’re not healthy, such as a sore throat or a fever, but what about after the cold goes away? Many of us are lucky to feel healthy most of the time, but how do we know if there’s something lurking that hasn’t yet made its presence known?
One solution is to measure proxies. For example, if you can’t fit into that pair of jeans in December, you might feel compelled to engage in a cleansing diet in January (these things can happen on a quest for the perfect macaron). Fitbit never says, “Good job, you officially eliminated heart attacks from your life.” But it does show you when your average activity level has decreased. We measure things that research has shown are correlated with better health outcomes.
The same is true in cybersecurity. Experience provides guidance about which practices will reduce the odds of a security incident, and there are tools that can measure how effectively those practices have been implemented.
The fourth e-book in this series, Understand & improve your security posture, delves into the tools available in Microsoft 365 to measure and improve enterprise security. It also shows how security professionals can use the data to instill confidence in executive teams and boards of directors, who worry about cybersecurity but may not understand all the issues. Told through the lens of Evan, a (fictitious) Chief Information Security Officer (CISO), the e-book illustrates how he uses Microsoft 365 to evaluate his company’s security posture and improve protection against emerging threats.
Back to measurement: before you can improve your security posture, you need to measure it. Secure Score gives you a score based on how you’ve implemented Microsoft 365 (or third-party) products. You can compare your company score to the average, or you can benchmark yourself against your industry or companies of similar size.
Another advantage of the Microsoft 365 suite is access to threat analytics in Microsoft Defender Advanced Threat Protection. It provides analysis of the current and emerging threats, and it also recommends actions you can take to protect yourself. You’ll learn how you can use the suite of advanced threat protection products available with Microsoft 365 Enterprise E5 to evaluate and mitigate current threats to the network.
The job of a CISO is often as much about educating the board and other executives as it is about securing the enterprise. Your board of directors needs to take a wide angle on risk management, so it’s important to be able to demonstrate how cybersecurity complements other priorities. The score modeler in Secure Score shows specific actions you can take to improve your security, the level of effort of those actions, and how they will impact users. This data can help you make appropriate budget requests, and it helps your board understand the larger business context.
Learn more on how to start measuring your progress by downloading the first four e-books in our series:
Also, stay tuned for the fifth e-book in our series, “Security beyond Microsoft products,” which details how Microsoft 365 Enterprise E5 integrates with other solutions, so you can protect your investments.
The post Understand and improve your security posture with Microsoft 365 appeared first on [Microsoft Security.