Security Program Dashboarding

Written by Mike Gentile

May 10, 2017

Generate an Initial Security Program Dashboard

 

Your security program dashboard is a vital means of communication within your organization. Building effective dashboards for the security team, as well as for program stakeholders in your company, will help you make informed decisions within your environment.  Depending on the structure of your security program and organization, consider creating two dashboards: an operational dashboard and a program dashboard. The operational dashboard will have more detailed metrics for your security team to use, while a program dashboard will include higher-level information on the environment and program status geared toward making decisions.  Use these tips to build a program dashboard for effective decision-making. 

Tips to Build a Security Program Dashboard

Tip #1: Focus on two primary objectives for your security program’s dashboard:

  • Help management and stakeholders understand the status of your security environment.
  • Present information in a way that supports making informed business decisions.

Tip #2: Focus on the page balance and color palette just as much as the information in your security program dashboard. Making your dashboard look sharp will make it easier for people to go through the information. 

Tip #3: Present everything in a way that evokes decisions. Draft decisions you need to make before the meeting and review the dashboard to see if it has information that will help you come to those decisions. 

Tip #4: Avoid jargon. Everything on your dashboard should be understood by people that aren’t well-versed in security. 

Tip #5: Make sure that anyone who needs to be involved in the decision-making process is invited to the meetings where you review the dashboard. 

Tip #6: Check the document for typos and make sure the document is clean and organized. A common diversion tactic is to focus on minor issues, rather than the decisions and information you want. 

Tip #7: Don’t stress if you don’t get any decisions. Remember the first tip; if you did this right you’re presenting information to management. If they don’t want to make a decision with it, then the accountability falls on them. 

Ready to build stronger security? Learn about other critical security program components.

Tagged with: