I work for a small computer software company.
With all the CPIs you keep track of across your cybersecurity program, how are you keeping track and reporting on the value?
Come on guys, the correct answer to this is the Microsoft Admin Portal and your Azure Admin and the Security and Compliance centers. Everyone wants to buy new SaaS when most of the Controls and Safeguards are built into MS. Steven Palange, email@example.com reach out for any and all your SaaS renewals.
For small companies, utilize the tooling you already have in place like the MS Office or the Atlassian Suite, etc. Ultimately, as you grow towards enterprise scale, Archer and ServiceNow (Governance, Risk, Compliance) can help with everything from compliance workflow to tracking incidence response. As a Cyber Architect in a corporate Fortune 500, we use a medley of integration with our SIEM, Vulnerability Tool, and all the collected data can be accessed by Tableau to generate a dynamic web graph. When you start tracking vulnerabilities and incidents, the data you accumulate can be expressed in your appropriate CPI. If you lack data for a particular CPI, then you may a gap in your cyber program.