Why It’s More Important Than Ever to Align



            to The MITRE ATT&CK Framework


            By Michael Mumcuoglu, CEO & Co-Founder, CardinalOps


            As we approach the second half of a year punctuated by ransomware and supply chain attacks, a top
            concern on nearly everyone’s  mind  is  security  budgets.  A closely-related  topic  is  management-level
            reporting.  With  strong  economic  headwinds,  how  do  we  effectively  report  our  security  posture  to
            executives and boards in order to demonstrate effective use of our limited resources?

            A big part of this is rethinking how security executives approach reporting. Typically, the report to the
            board has been around metrics like mean time to detect (MTTD) and mean time to respond (MTTR).
            However, MTTD and MTTR metrics only describe how good your team is at responding to attacks after
            you have detected them, but they’re missing critical information about which attacks were never – and
            will never be – detected in the first place.









            Cyber Defense eMagazine – September 2023 Edition                                                                                                                                                                                                          196
            Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.