How to Effectively Use Forecasting
Sections
- (1) Prioritizing Risk Vectors for Your Forecast Scenario
- (2) Generating a Forecast Scenario
- (3) Monitoring Your Progress
- Notes
Before starting and using Forecasting:
Despite our dedication to building a reliable and accurate forecast, Forecasting is not absolute. We cannot guarantee the projected rating will happen or claim forecasting can be used to predict data breaches and other cybersecurity events. It’s solely a projection of what may happen to your Bitsight Security Rating, with an acceptable level of reliability.
(1) Prioritizing Risk Vectors for Your Forecast Scenario
Select a set of risk vectors for your first forecast scenario.
Recommendations
Aim for the 80-20 rule and select the 20% most impactful risk vectors. To be more thorough, add more risk vectors depending on your remediation resources.
- Impactful risk vectors graded below an A, including:
- Any Compromised Systems risk vector.
- Open Ports
- File Sharing
- Patching Cadence
- If all risk vectors are evenly graded, include Botnet Infections, Malware Servers, and +3 more.
- Prioritize all the other risk vectors according to their weights.
Example:
Saperix, Inc. has a Security Rating of 460 and several problematic risk vectors. Applying the recommended best practices will result in the following list of risk vectors in the Forecast Scenario:
- Botnet Infections
- Potentially Exploited
- Open Ports
- Patching Cadence
- File Sharing
Tools & Resources for Prioritizing Risk Vectors
(2) Generating a Forecast Scenario
Refer to Understanding the Forecasting Chart for how to read the forecast chart.
The No Action Forecast is a baseline forecast.
(a) Simulate and Analyze Your Forecast Scenario
The Improvement Forecast shows the expected changes within 12 months.
Select the Simulate button to analyze the possible outcomes. Inspect the evolution of your rating at different points in time by hovering your cursor on the chart. Compare these values with your goals and use the difference as inputs to refining your Forecast Scenario.
Tips:
When defining your Forecast Scenario, enable your impactful risk vectors and refer to the following recommendations:
- Don't spend too much time setting the values in your first iteration.
- Set all Estimated Resolution Dates until the end of the current month.
- For Compromised Systems:
- Set the Average Duration to the minimum.
- Keep the Total Number of Events to the default.
- For Diligence:
- Set BAD findings to zero.
- Keep the WARN findings to the default.
- Your primary goal for Patching Cadence is to reduce the average Time to Remediate. Learn more about Time to Remediate:
- Prioritize older and more severe Patching Cadence findings.
- Include Patching Cadence in simulations to account for already remediated Patching Cadence findings.
- Add additional unremediated findings to project what impact future remediations will have on the score.
- For File Sharing:
- Set application events to 0 (zero), as these are considered higher-risk than all other File Sharing categories (non-application events).
- Keep the non-application events to the default.
Example:
Saperix, Inc. wants to improve their rating, as indicated by the User Defined Forecast. They will need to apply more of their resources to improve their Security Rating.
(b) Refine Your Forecast Scenario
Start with Botnet Infections and then refine through the remaining risk vectors:
- Understand the details behind each risk vector.
- Make plausible assumptions on how many and when your organization can solve issues, based on your available resources.
- Transform those assumptions into a Forecast Scenario and then select the Simulate button.
- Re-evaluate the results and compare them to your goals.
- Repeat these steps until your goal is achievable or until you conclude that the scenario can't be improved further.
Example:
66 Botnet Infections with an Average Duration of 18.4 days were observed during the last 12 months.
- The Average Duration for Saperix, Inc. is 1.8 days. This is considered high for their industry. They can aim to be in line with the industry average in the following 12 months.
- If 14 of the 66 events were due to Gamarue on a single IP, and Saperix, Inc. commits to preventing these events and ultimately protecting all devices by the end of the following month, 14 fewer events are expected in the next 12 months.
Saperix, Inc. may realize they can economically achieve a rating between 500 and 530. They are provided with their Forecast Scenario, which is a plan that is used to drive the necessary actions that lead to an improvement in their security posture.
(3) Monitoring Your Progress
Select the Start Monitoring button at the top-right of the forecast to activate it. This will freeze your plan from further changes so you can begin monitoring the progress of your Forecast Scenario.
Once your forecast is active, you will no longer be able to edit the Forecast Scenario.
Refer to Understanding the Forecast and use your Forecast Scenario to see how each goal evolves based on the defined goal and your current state of remediation.
You can also see the status of your Forecast Scenario and the rating evolution from the My Forecasts page. If your list of forecasts is long, use the filters to search by status (inactive, active, or finished) or by shared status (My Forecasts/owned or Shared with me).
Notes
To summarize:
- Quickly choose your initial set of high-impact risk vectors.
- Create your first iteration of a Forecast Scenario.
- Factor in a more in-depth analysis of the company report and organizational assumptions.
- Iterate until your scenario allows a significant improvement, within a reasonable investment of your resources.
- Deliver your improvement plan to your organization.
- Start monitoring your progress.
One of the benefits of Forecasting is the unlimited number of Forecast Scenarios that can be created. Many sets of assumptions can be created and transformed into various Forecast Scenarios that can be shared and discussed with different roles or teams in your organization. Once a scenario is active, select the Share button at the top-right of the forecast to enable sharing and then select Save to confirm.
- October 28, 2024: Renamed Rating Improvement to Forecasting.
- July 11, 2024: Incorporated Patching Cadence.
- January 6, 2022: Company eligibility (My Company & subscribed My Subsidiary).