As the challenge of securing digital assets grows, the challenge of quantifying an organization’s security posture is also growing. This is due in part to the added layers of protection needed to secure IT infrastructures that have no perimeter, and the sheer quantities of data generated by new security technologies. It is further complicated, especially for global companies, by regional differences in security practices, standards, and regulatory environments. In order to better understand how security organizations operating in Europe and the Middle East use metrics to describe their security posture, we decided to ask them. With Tenable’s generous support, we posed this question to a number of security experts:
Your CEO calls you in and asks ‘Just how secure are we?’ What strategies and metrics would you use to answer that question?
For this e-book we spoke to a global audience, including people from Germany, France, the Middle East, and the UK. In these regions, security practices and regulatory environments are very mature. Yet politics often plays a role in which security frameworks can be used in certain countries. For example, a French company with global operations may use a US standard framework in its European operations, but it must adopt a different framework for its Middle East operations. Also, the risk landscape can vary considerably from one region to another, not only because of the nature of potential threats, but because of the varying costs of regulatory noncompliance.
Any business with operations in EMEA will find value in the perspectives of these EMEA-based security experts.
Chairman and Chief Executive Officer