The security reporting viewpoint used by CISOs consists of views such as the state of security compliance, security posture and cybersecurity trends. These views must be meaningful to the CISO and thereby help them make decisions that retain or improve organizational cybersecurity posture. This also helps the CISO demonstrate the effectiveness of the organization's security investments to the board of directors (or whoever they’re reporting to).

A Viewpoint is an architectural term in the Information Technology world that is used to describe the stakeholders and their concerns for constructing organizational views on technology. In the case of SDAR, a viewpoint is a reporting view for an organization’s stakeholders, based on their stakeholders’ concerns. This article discusses the viewpoint of the Board of Directors using Akrogoniaios Technologies Corp as publicly listed consumer SaaS product company.

Businesses expect their information security systems  to provide security assurance. To some extent, businesses understand what successful security looks like. However, to prove that the investments into security programs are effective, stakeholders must feel the reports are relevant. When security teams take the above steps, they ensure that the organization has maximum visibility. The backbone in providing such reporting is Security Data Analytics and Reporting (SDAR).

Segregating reporting into domains helps organizations design reporting suited to each of recipients. In this article, we looked at the physical, logical and management domains at a high level. Future articles will detail the reporting viewpoints and then map stakeholders and their requirements with the reporting domains to design and deliver an SDAR system.

Reporting expectatoin varies depending on the owership and industry of an organization. This article will focus on how SDAR expectations and requirements differ, based on organizational type.

The first step a business must take when implementing SDAR is to identify who its stakeholders are. Next, the business should analyze their stakeholders’ high level requirements, technology domains and viewpoints. Finally, the business can tie all this together and implement SDAR.

This article will explore the different types of stakeholders an organization can have and their respective responsibilities.

There are several distinct people and entities that are connected to an organization, each of which have their own unique expectations of the business. These same stakeholders also expect a convenient and secure experience when they interact with the business’ technology.

Proving the worth of investments into IT Security (including Cybersecurity) can be challenging. The central piece of providing such evidence lies in processing various information system logs and events, using tailored use cases and providing stakeholders with the correct information to make decisions.