Posts Tagged "reporting"

Your Monthly Security Report Is Worthless

I am doing my best to keep up my blogging momentum. It’s been easier for me to share experiences than to tutorialize tactics, so I present to you this tidbit… This post is directed at anyone who works in security and is responsible for communicating security information to business leadership, board members, and / or anyone (for that matter) who gives a damn. It is quite common that I meet with a client and they want to communicate the health (if you will) of their security program. Typically, by handing me a report that they regularly draft and distribute or present to upper management or other members of the board (if I am working directly with an officer). Some reports are very pretty. They have charts, graphs, and a nice layout. Others… well… let’s not focus on what they look like… yet. Let’s talk about what they tell us. In most cases… NOTHING. But I made it visual! It is easy to follow! Yeah… with what? your vast array of Crayolas? In many cases, I come across reports that are laden with screenshots from any number of security tool dashboards, provide executive summaries that highlight a bunch of fluff, and…

continue reading