The Enterprise Security Posture service encompasses both technical and non-technical security controls. It then allows the organisation to continuously measure improvement in its security posture against the initial security baseline position.
Challenges and Questions Faced by Organisations
The systemic cyber risk to business continues to increase, and leaders need a fresh view of measuring and mitigating these risks. When you operate in a virtual world, cyber risk is pervasive, and we need ways of managing global risk exposure and the threat of attack.
Questions being asked by leaders and executives:
- What is our exposure to cyber risk?
- Have I spent money in the right areas?
- Do I have any gaps in my security controls?
- Have we duplicated controls unnecessarily?
- What new or updated controls should we prioritise?
- How are we protected against different threat scenarios?
- Are controls operating effectively?
- Are my non-technical controls effective?
- Do I have the right controls to recover my environment in the event of an attack?
Benefits of Quantum
For Chief Information Security Officers (CISOs) & Security Teams
- Gaining visibility into your cybersecurity posture
- Quantifying the risk of threat actors and attack methods
- Identifying actions to reduce risk and improve posture
- Creating a data-driven narrative to prioritise investments
For Boards & Executive Teams
- Drilling deeper to identify investments and infrastructure needs
- Continuously monitoring scores to stay alert to changes over time
- Running threat scenarios against your controls
- Monitoring baseline scores vs future scores
What is the goal of Quantum?
To provide a strategic overview of an organisation’s overall security architecture and be used as a prioritisation tool for future investment.
Quantum is based on the NIST Cyber Security Framework and incorporates the MITRE ATT&CK knowledge base of adversary tactics and techniques based on real-world observations. It directly references essential elements of each of these frameworks via the interface.
It also displays alignment to several international and Australian security standards, including:
The NIST Cyber Security Framework is a globally recognised framework, based on existing standards, guidelines, and practices, for reducing cyber risks to critical infrastructure. Created through collaboration between industry and government, the Framework consists of standards, guidelines, and practices to promote critical infrastructure protection. The Framework helps owners and operators of critical infrastructure to manage cybersecurity-related risk.
The Framework’s goal is to better manage and reduce cybersecurity risk. In addition to helping organisations manage and reduce risks, it was designed to foster risk and cybersecurity management communications amongst internal and external organisational stakeholders.
About MITRE ATT&CK
MITRE ATT&CK is a globally accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is a foundation for developing specific threat models and methodologies in the private sector, government, and the cybersecurity product and service community.