You have too many security tools, generating a deluge of data and offering no way to correlate output into meaningful information.
You might be at the beginning of setting up a security program, but can't see the forest for the trees! You don't know how to arrive at the right priority and strategy that you can explain and justify to your management.
Unlike other management disciplines where change, decision-making, and priorities are based on insight and facts, information security is often managed based on gut feel, fear, and anecdotal decision-making. Organizations lack the insight and knowledge to implement an effective and efficient security program.
Information security organizations, as an extension of ICT, are often on an island and lack the ability to effectively communicate, justify, or advocate the company's security strategy. In meetings with your management, "fear stories from other companies" are used to gain support or, at best, very simple metrics are used without any business context.
Your one-sided investments in technology, without a focus on your business processes, supply-chain and employees are not leading to the necessary improvement because not all links inside and outside your company are equally strong.
Lack of insight ultimately leads to not being able to demonstrate that your investments have led to actual improvements.

You want to start making decisions based on facts rather than gut feel.
You want to have the ability to drive your security program, organization and strategy, and to effectively communicate security across all levels of your organization. You want to understand the return on investments in the short and long term so you can make informed security decisions, and have the ability to recover quickly after an incident.
This Insight also gives you the ability to be better prepared for audits, demonstrate legal compliance and reduce the upfront costs of doing so.
You want to report regularly to executives and communicate about security based on facts in a language that is understood even outside your security department. You want to manage an optimized security program and address cybersecurity issues in line with your company's risk appetite.
You see insight as the means to make security a shared accountability within your organization and to achieve appropriate Information Security decision making.
Security Insight Service
Soapbox Security provides an integrated framework for security metrics to effectively report on your objectives and progress. It provides continuous insight into all relevant security aspects. When combined with your business intelligence, it enables you to run an effective and efficient security program that allows you to manage and optimize your security strategy based on facts.
The framework is fundamental to making information security part of your corporate culture and thus to get the (final) accountability of information security to the right level within your organization.
Insight ensures that you can manage and report the course of your information security in a responsible manner to all layers within your organisation, at board level or at the level of your senior management.

Method
We provide our service through a number of steps to achieve the desired outcomes:
Objectives
We work with you to determine the best metrics to use to create insight, and the most effective method to report them.
Analysis and initial assessment
In order to arrive at correct measurements, there must be sufficient reliable information available. To map this out, we analyze the possibilities within your company. We also examine the effectiveness of existing reports and dashboards.
Implementation and optimization
We come up with a recommendation as to where improvements can be made within your organization. We can also guide you in implementing the framework in your existing reporting processes and management dashboards, or co-develop a new form for this.
Communication and reporting
We offer support in socializing and accepting the metrics within your organization. During the initial reporting we support you in the preparation.

Experience shows that many information security teams only communicate their operational data.
Our insight service is unique because it provides a complete framework to collect, correlate and effectively communicate various metrics, and is based on more than just technology.
We led a successful security insight program for a large US corporation for over a decade. We developed and delivered automated solutions and regularly reported to executive management
Our framework has received multiple awards from RSA and CSO magazine. It has been published and presented at major security conferences around the world.
Let's work together
Our team will always be happy to work with you.
Feel free to contact us by telephone +31850470062 or via the form and we will be sure to get back to you as soon as possible.
"*" indicates required fields