This documentation includes content for releases that might not be available on-premises. For the latest on-premises Benchmark documentation, see the PDF version of Tanium™ Benchmark User Guide version 2.1.105.
Gaining organizational effectiveness
The four key organizational governance steps to maximize the value that Benchmark delivers are as follows:
- Develop a dedicated change management process. See Change management.
- Define distinct roles and responsibilities. See RACI chart.
- Track operational maturity. See Operational metrics.
- Validate cross-functional alignment. See Organizational alignment.
Change management
Develop a tailored, dedicated change management process for risk management, taking into account the new capabilities provided by Tanium.
- Update SLAs and align activities to key resources for risk management activities across IT Security, IT Operations, and IT Risk and Compliance based on industry comparisons.
- Identify internal and external dependencies to your risk management process. For example, achieve effective integrations with Comply and Patch.
- Designate change or maintenance windows for various risk management scenarios. For example, emergency patching versus general maintenance patching.
- Create a Tanium steering group (TSG) for risk management activities, to expedite reviews and approvals of processes that align with SLAs.
RACI chart
A RACI chart identifies the team or resource who is Responsible, Accountable, Consulted, and Informed, and serves as a guideline to describe the key activities across the security, risk/compliance, and operations teams. Every organization has specific business processes and IT organization demands. The following table represents Tanium’s point of view for how organizations should align functional resources against risk management. Use the following table as a baseline example.
Task | IT Security | IT Operations | IT Risk/Compliance | Executive | Rationale |
---|---|---|---|---|---|
Benchmark coverage of endpoints | C | A/R | C | - | The IT Operations team owns the Tanium platform and is accountable and responsible for the deployment of the Tanium Client, including the Benchmark module. Tanium Client coverage is essential to understand risk in the environment. IT Operations consults with the IT Security and IT Compliance teams on the coverage to identify gaps. |
Identify and monitor business critical endpoints | A | R | C | I | The IT Security team monitors business critical endpoints to ensure actions can be taken to reduce risk. The IT Operations team identifies business critical assets and consults with the IT Compliance team to ensure accurate identification of those business critical endpoints. The Executive team is informed to monitor risk. |
Monitor the risk score for the enterprise | A/R | R | R | C | The IT Security team monitors the risk score for the enterprise so that action can be taken if the risk score is too high or deviates significantly from the industry benchmark. The IT Operations and IT Compliance teams define |
Organizational alignment
Successful organizations use Tanium across functional silos as a common platform for high-fidelity endpoint data and unified endpoint management. Tanium provides a common data schema that enables security, operations, and risk/compliance teams to ensure that they are acting on a common set of facts that are delivered by a unified platform.
In the absence of cross-functional alignment, functional silos often spend time and effort in litigating data quality instead of making decisions to improve risk management.
Operational metrics
Risk maturity
Managing a risk management program successfully includes operationalization of the technology and measuring success through key benchmarking metrics. The four key processes to measure and guide operational maturity of your Tanium Benchmark program are as follows:
Process | Description |
---|---|
Usage | how and where Tanium Benchmark is used in your organization |
Automation | how automated Tanium Benchmark and the underlying data collection is, across endpoints |
Functional Integration | how integrated Tanium Benchmark is, across IT security, IT operations, and IT risk/compliance teams |
Reporting | how automated Tanium Benchmark is and who the audience of risk score reporting is |
Benchmark operational maturity metrics
In addition to the key processes, the four key benchmark metrics that align to the operational maturity of the Tanium Benchmark program to achieve maximum value and success are as follows:
Executive Metrics | Risk Coverage | Risk Score | % of Optimal Endpoints |
---|---|---|---|
Description | Percentage of endpoints on which all risk vector scores were calculated in the last 30 days. | A numerical score that represents the overall risk of the enterprise based on data from every managed endpoint. | Percentage of endpoints where the Risk Coverage metric reports Risk as optimal. |
Instrumentation | Uses the Risk client extensions status to confirm that endpoints are reporting risk scores as well as the Impact - Coverage Status, Reveal - Coverage Status, Comply - Coverage Status, and SSL Server Audit Tools Required sensors to determine the endpoints where Risk is optimal, needs attention, and unsupported. For more information about the states reported by this metric, see Monitor and troubleshoot Risk health. For supported endpoint operating systems, see Endpoints. | The following formula is used to calculate the risk score for each managed endpoint: (Risk Vectors x Endpoint Criticality) x (100% - Compensating Control %) = Endpoint Score | Uses the Risk Coverage metric to determine the number of endpoints that report Risk as optimal divided by the total endpoints on which risk vector scores were calculated in the last 30 days multiplied by 100. The Optimal status indicates that all necessary tools, configurations, and scans are installed and complete for an endpoint. For more information, see Risk Coverage. |
Why this metric matters | If you are not including all endpoints in your risk assessment, you do not have a complete picture of the risk in your environment. | As you lower the risk score for your enterprise, you improve your compliance and risk posture. | If all endpoints are not in an optimal state, they might not be reporting complete data to Risk, and you do not have an accurate picture of the risk in your environment. |
Use the following table to determine the maturity level for Tanium Benchmark in your organization.
| | | Level 1 (Initializing) | Level 2 (Progressing) | Level 3 (Intermediate) | Level 4 (Mature) | Level 5 (Optimized) |
---|---|---|---|---|---|---|
Process | Usage | No dependent modules are configured, and endpoint criticality is left at the default values for all endpoints. | Core content and Comply are configured and feeding into Benchmark. | Core content, Comply and one additional dependent module are configured and feeding into Benchmark. | Core content, Comply, Impact and Reveal are configured and feeding into Benchmark, but not on all applicable endpoints. | Core content, Comply, Impact and Reveal are configured and feeding into Benchmark, and |
Process | Automation | Only manual, ad hoc compliance and vulnerability assessments in use for Comply. | Only manual, ad hoc compliance and vulnerability assessments in use for Comply. | Automated, recurring configuration compliance and vulnerability assessments for Comply. | Automated, recurring configuration compliance and vulnerability assessments for Comply. | Partially automated patching using Patch (>50% of patch deployment process automated). |
Process | Functional integration | Benchmark installed, but dependent modules are not installed or configured. | Core content and Comply are configured and feeding into Benchmark. | Core content, Comply and one additional dependent module are configured and feeding into Benchmark. | Core content, Comply, Impact and Reveal are configured and feeding into Benchmark. | Core content, Comply, Impact and Reveal are configured and feeding into Benchmark. |
Process | Reporting | Manual; Reporting for Operators only | Manual; Reporting for Operators only | Automated; Reporting for Operators only | Automated; Reporting tailored to stakeholders ranging from Operator to Executive | Automated; Reporting tailored to stakeholders ranging from Operator to Executive; Drive business decisions using reports |
Metrics | Risk Coverage | 0-49% | 50-69% | 70-94% | 95-98% | ≥99% |
Metrics | Risk Score | 751-1000 | 501-750 | 501-750 | 251-500 | 0-250 |
Metrics | % of Optimal Endpoints¹ | 0-69% | 70-79% | 80-89% | 90-98% | 99-100% |

¹ Endpoints have all applicable vectors collecting data
Last updated: 5/30/2023 3:03 PM