ABSTRACT

This chapter presents the Cybersecurity Health Check (CHC) framework, which is based on the business concepts of the Strategy Map and the Balanced Scorecard. The CHC framework measures the performance of an organization’s information security protection with a set of quantifiable metrics. To check the organization’s incident handling and response, CHC operators select security alert response and incident handling records from the Communication Security Technology Service Center database and count the number of alerts, the report time, and the response time. This perspective can also verify whether an organization’s internal staff are familiar with the information security policy, management process, and operational procedures, in order to evaluate the performance of the Information Security Management System. Through driving factors, organizations can recognize the implementation of protective measures and locate security protection measures to improve the driving factors that need improvement. Organizations should continue to monitor all Information Security Management System measures, maintain solutions in line with the latest information security information, and take necessary preventive measures.