I had the opportunity to collaborate on a great project recently. After speaking with a customer and hearing how they struggled with helping their business units understand what they were doing within their security program, we decided to knuckle down and see how we could help change this. After some time talking about the problem and how it could be addressed we came up with the idea of being able to tell a simple story. We decided to create a custom report to show the trending analysis of the last few months along with the top remediations that should be addressed within an organization. As we worked on the custom report and began testing it to make sure that it worked correctly, we realized that this report enabled security organizations to show what they have been able to do to better secure the organization. This report allows a security organization to tell the story of where they have been by showing a trending report of how their organization has changed over the months at the top. This helps to show how an organization's risk has increased or decreased as well as by how much.
Additionally underneath this trending report is a breakdown of the Top 25 Remediations that should be taken to improve the overall risk to your organization.
By combining the two together into a single report we can now see where an organization has been in regards to vulnerabilities and overall risk, as well as what they should do next to reduce this risk to a more acceptable level. This gives the security team the ability to help a business unit understand not just what their security program has accomplished, but what they are going to be focusing on next to continue to reduce the organizaitons overall risk. This allows them to more effectively communicate the potential risk if they are not able to receive the appropriate resources/funding. Even more effective is when you further scope this report using Asset Groups to show how the companies primary business processes are at risk. This now gives you the capabilities to show how your organization has striven to address the risks associated to a business process in a manner that is easier to understand.
You can now also help the business unit and company understand the risk of not approving the funding you need to help you to continue to reduce the risk associated to what is important to them both. With all this being said you don't have to take my work for it. Download the TrendAndTopRemediations Report Template, try it out and give us your feedback. We would love to hear if you agree with us or not. And if not let us know what you would change so we can make it a best in class report that brings you true value.