What is your company's Security Score?

Being a Chief Information Security Officer (CISO) must be one of the toughest and most stressful jobs one can have. How do you sleep soundly at night knowing that at any given moment your organization could be under attack? How do you know that you’ve done all you can, from building the right architecture to implementing the right controls to buying insurance to cover some gaps, and so on?

Folks who work in the security domain tend to develop a healthy paranoia over time, a heightened awareness not to trust but to look for constant verification. Programs and processes are therefore often put in place to make sure that compliance is validated and that the controls in place are still working at any given moment. A lot of this work comes at a cost, because extensive resources are required to provide the right visibility and to maintain the needed healthy posture, and it’s a never-ending game.

Our vision at Calpean is to provide customers with a solution to this problem by using complex engineering and AI to analyze the strength of security in any organization against established frameworks and best practices. Our solution will also look at compliance data from a vertical or legal perspective and the results of our analysis will be summarized in a security score.

The threat landscape is constantly evolving, so security should be looked at as a never-ending journey. Whether you are building a new network, rolling out a new service or strengthening the security of an existing network, a lot of heavy work will be needed to get to a secure baseline. From there we can make instrumental gains.

Diagram 1 is a high-level representation of the critical areas that need to be looked at when analyzing the network security posture, but it’s important to note that there are many other areas that contribute to the security score, such as supply chain, AI security and much more.


To keep things simple, Calpean uses the US college grading system, A to F (no use for E), as per the table above. This concept of a security score can also be applied to a specific resource or a segment of the network, along with a combined overall score.

A common approach is to strengthen security for critical parts of the network and, over time, use the same principles to expand to the rest of the network. It’s common to have different scores for different parts of the network, and that of course will impact the overall score. That is OK, because we are addressing the overall problem of network security in a phased approach, through a journey that helps you gain knowledge, build better processes and so on.

So where are you on your journey, and do you find the score concept appealing?

If so, please reach out to Calpean to help get you on the right journey.