I believe that setting benchmarks to assess your organization’s security posture vs. other organizations is important to understand issues that are crossing regions, industries and more, and prioritize focuses to align your security posture with industry standards.
Having said that, there’s a lack of data visibility into security posture trends, and it’s hard to find a single source of truth which is normalized and clarified for instant use.
So, I wanted to ask:
- What kind of security benchmarks are you setting and tracking today?
- What are these benchmarks’ parameters? (by region, by industry, by organization’s size, etc.)
- Which data sources are you using to create the benchmark?
- Are you using any regulatory/standardized frameworks for benchmarks?