Forum Discussion
Shivani_ra
Dec 20, 2018 (Copper Contributor)
Need more details regarding "Compare Your Score" section
Hello Team, I have recently started analyzing Secure Score. I read in one of the MS links that under the "Compare your score" section, we can compare our score to the average score of all the O365 tenants...
- Dec 20, 2018
Hi Shivani,
100% agree with Jethro here in terms of the score and what it represents. There is an element of gamification in the Secure Score which I often find makes organisations think that if they outscore the industry average by 20-30 points then it means they are ok. In reality it only hides the fact that many Office 365 tenants do not utilise the security controls or best practices within their environments and your organisation becomes only marginally less insecure than the others.
As Jethro said, a lot has to do with mapping your own security requirements, and I would add this includes actively managing these on an ongoing basis, not just lighting up things like MFA and thinking that will do. Part of that is using Secure Score over time. There is a great article here about managing security with Secure Score over time - the first 30 days, then 90, then beyond
https://docs.microsoft.com/en-us/office365/securitycompliance/security-roadmap
And Microsoft have just released a series on best practice here on the TC
https://techcommunity.microsoft.com/t5/Security-Privacy-Compliance/How-to-help-maintain-security-compliance/m-p/298467#M1748
This should be used in conjunction with other tools and guides such as Intune, Cloud App Security and Advanced Threat Intelligence. For things outside Microsoft, if you are a UK-based organisation then I would consider Cyber Essentials here
https://www.gov.uk/government/publications/cyber-essentials-scheme-overview
And looking into ISO27001
https://www.iso.org/isoiec-27001-information-security.html
Security improvement is also a lot about training as much as the tools so I would consider how to improve staff behaviours. If you do Cyber Essentials and ISO then there are trading elements. Having a few staff ITIL trained will help too.
Hope that helps.
Best, Chris