Requirements for Enterprise Security Performance Management
We are delighted to see that someone of Ed Amoroso’s prominent standing in the cybersecurity world has taken an interest in Security Performance Management (SPM). In this short white paper, Ed points out that security assessments are becoming more continuous in nature, rather than remaining point-in-time snapshots. He goes on to describe the variety of actors whose needs must be taken into account in any SPM initiative – it’s not just the security and audit teams!
Most importantly, Ed provides readers a set of five requirements for any SPM platform, to help guide organizations in selecting the right SPM tool. The five key capabilities are: Workflow, Analysis, Planning, Remediation, and Metrics.
One key takeaway is that an SPM solution needs to integrate with the existing security and GRC tooling to deliver optimum workflow automation and speed of decision-making.
Of course, we think we’ve already built the kind of SPM platform that Ed describes! Integrations with workflow, analytics, and planning tools? Check. Built-in, prioritized remediation recommendations? Absolutely. Metrics, reports, and cost estimates aimed at all stakeholders? Naturally.
SPM is a relatively new product category, and buyers are still just becoming aware of it and how it solves problems with communications, budgeting, and prioritizing. Here at TrustMAPP, we are hard at work educating the marketplace about the power of SPM. Having someone like Ed Amoroso recognize the need for SPM is wonderful news.
Contact us if you’d like to learn more.