Using the Defense Readiness Index to Improve Security Team Skills

The challenges organizations face in developing cybersecurity skills have never been greater. Too often, security teams find themselves locked into a reactive mode, continuously responding to immediate threats with no time to learn from them, which leaves no opportunity for cross-training or skill improvement.

In many cases, organizations simply don’t take the time, or lack the knowledge, to develop a roadmap that allows them to measure and improve cybersecurity skills. Developing this roadmap can be time-consuming and expensive, but fortunately there is a better option: a framework called the Defense Readiness Index (DRI).

What is DRI?

DRI is inspired by the Cybersecurity Maturity Model Certification, a program launched by the United States Department of Defense to measure the cybersecurity capabilities, readiness and sophistication of defense contractors.

DRI has five levels of controls and practices. The first level covers basic cyber hygiene. At this level, there are no defined differences in the roles of security professionals (such as security management, engineering, and analysis). Higher ratings add more controls and practices, moving from intermediate cyber hygiene, to good cyber hygiene, to proactive, to advanced/progressive.

DRI provides a robust quantitative threat model that is meaningful to businesses. Organizations typically spend large sums of money on consultants who model threats before determining what controls are needed. DRI provides modeling and controls that satisfy the broad use cases of most organizations.

To maximize the usefulness of DRI, organizations should define their target DRI based on the types of threats they expect to face, not just current threats.

Main benefits of DRI

Using DRI gives an organization an accurate measure of how proficient its team is in defending against cyberattacks. Ideally, DRI looks at the team’s combination of demonstrated skills, its ability to detect and disrupt threats, its ability to collaborate in an investigation, and the overall makeup of the team itself.

Ideally, a team focused on higher DRI levels would be properly staffed and have the tools to do its job. Wherever possible, DRI should incorporate team threat exercises that allow an organization to validate the team’s technical and non-technical skills, and see how well it performs in simulated detection and response situations.

DRI allows an organization to apply rankings for skills development planning. When an organization aligns these rankings with the content at each level of the DRI model, it provides a roadmap for focusing on the skills needed to move to the next level or to stay at the same level.

DRI also lays the foundation for an organization to achieve its optimal level of cyber readiness. By analyzing DRI rankings, it is possible to determine which skills need to be improved or developed, which roles need to be filled and the associated costs.

Finally, DRI improves the evaluation and reporting mechanisms, allowing an organization to see the progress made by a team and to plan the necessary improvements. Additionally, DRI provides data to report to senior management and the board on the strength of the security team.

How to implement DRI

Set priorities. Make a list of security concerns and issues that are most important to the organization.

Assess the capabilities of the security team. Make an honest and realistic assessment of the team’s weaknesses and strengths, noting key areas for improvement.

Calculate the organization’s DRI score. This is achieved using a combination of data from security team assessments, technical tools used, and personal skills of individuals. The score will decrease over time as the threat landscape changes, priorities change, and new technologies replace old ones. To maintain the desired DRI score, organizations must continually upskill their employees so that they are able to defend against evolving threats.

Develop a plan to achieve the organization’s optimal DRI level. This involves drawing a detailed picture of the organization’s security team and determining how best to align security priorities with available personnel. The obvious issues relate to the size and skills of the team, and whether there are enough advanced analysts, threat hunters, and SOC engineers to deal with the current and expected level of threats.

As with all new initiatives, it is important not to waste time and resources on secondary or irrelevant issues and skills. When adopting DRI, remember that the process is a journey, not a destination, as the work is never done and things are constantly changing.

Keeping pace with the changing cyber threat landscape requires an ongoing program to advance cybersecurity skills within an organization. The DRI is a reliable alternative for assessing the skill level of a security team, developing a roadmap for improving cybersecurity skills, and achieving the optimal level of cybersecurity readiness.

Jeff Orloff is vice president of product and technical services at RangeForce, a cybersecurity training company. He has more than ten years of experience in cybersecurity, computer and network security and system administration. Prior to RangeForce, he was Director of Product Management and User Experience at COFENSE, a company specializing in email security, phishing detection and response. He also served as the Technology Coordinator for the Palm Beach County School District in Florida.
