Jul 05 2012

How to Build a Security Dashboard

An enterprise view of security is key to continuous monitoring.

Continuous monitoring moves information security and risk management away from a static, compliance-focused view of security to a dynamic view, in which changes in threats or increased risk can receive an immediate response.

As part of a continuous monitoring system, security dashboards can provide an at-a-glance view of an organization’s security posture. As useful as this may be, presenting an organizationwide view of security in a single screen can be a daunting task.

A good place to start is identifying risk information already present in the enterprise. Key starting points include risk mitigation tools (antimalware, antispam, IPS), anomaly detection tools (tripwire-style tools, DLP), and network tools (net-flow analyzers and reachability/system status tools).

Analyze each tool’s status information to identify measures of security posture and risk. Some tools provide information that’s hard to summarize in absolute numbers, which is the most difficult part of building a dashboard.

For each metric, establish a sliding baseline and absolute limits. This makes it easy to determine when any particular metric is out of an acceptable range or norm. Without the context of a baseline, numbers for such things as “viruses blocked per day” are meaningless.

The final step is to create a visual representation that provides a quick snapshot of an organization’s security posture. Aim for no more than 12 to 16 panes of data using a color indicator (green/yellow/red is popular) and other easy-to-understand graphic elements, such as dials.
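One way to score a metric against a sliding baseline and absolute limits and map the result to a green/yellow/red indicator, as an added example that is not part of the original article. The class name, the 2- and 3-sigma thresholds, the 5% sigma floor, the grey "no baseline yet" state and the sample counts are all assumptions.

```python
from collections import deque
from statistics import mean, stdev

class MetricPane:
    """One dashboard pane: a metric scored against a sliding baseline and absolute limits."""

    def __init__(self, name, window=30, min_samples=7, hard_min=None, hard_max=None,
                 yellow_sigma=2.0, red_sigma=3.0):
        self.name = name
        self.history = deque(maxlen=window)     # sliding window: old samples fall off
        self.min_samples = max(2, min_samples)  # stdev needs at least two points
        self.hard_min, self.hard_max = hard_min, hard_max
        self.yellow_sigma, self.red_sigma = yellow_sigma, red_sigma

    def score(self, value):
        """Return 'red', 'yellow', 'green' or 'grey' (no baseline yet) without recording."""
        # Absolute limits apply even before a baseline exists.
        if (self.hard_max is not None and value > self.hard_max) or \
           (self.hard_min is not None and value < self.hard_min):
            return "red"
        if len(self.history) < self.min_samples:
            return "grey"
        mu = mean(self.history)
        # Floor sigma at 5% of the mean (assumed value) so a flat series does not
        # alarm on trivial changes and the division below is never by zero.
        sigma = max(stdev(self.history), 0.05 * abs(mu), 1e-9)
        # Two-sided: a sudden drop (e.g. a scanner that stopped reporting) is as
        # notable as a spike.
        deviation = abs(value - mu) / sigma
        if deviation >= self.red_sigma:
            return "red"
        if deviation >= self.yellow_sigma:
            return "yellow"
        return "green"

    def update(self, value):
        """Score today's value against the prior baseline, then add it to the window."""
        status = self.score(value)
        self.history.append(value)
        return status

# Constructed sample data: daily "viruses blocked" counts, not from a real tool.
DAILY_BLOCKED = [120, 131, 118, 125, 140, 122, 129, 127, 135, 119]

def demo():
    """Warm up a pane on the sample data; returns the pane and each day's status."""
    pane = MetricPane("viruses blocked per day", window=10, hard_max=1000)
    warmup = [pane.update(v) for v in DAILY_BLOCKED]
    return pane, warmup
```

With this baseline, a count of 0 scores red just as a spike does, which is the context a raw "viruses blocked per day" number lacks.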
