Nudges and Scorecards are available for Engage Pro only.
This article provides generalized instructions on how to use Mimecast Engage and Human Risk Command Center (HRCC) features to aggregate human risk data, deliver insightful governance reports, drive behavior change, and link human risk metrics to business outcomes.
Engage Aggregates Human Risk Data into High-Level Metrics and Trends
Why Aggregate Data?
Aggregating human risk data across the organization enables security teams and leadership to understand the overall security posture. Key metrics include the overall company human risk score and how it changes over time. This aggregation helps identify trends, emerging risks, and areas needing attention.
Use Mimecast HRCC's Groups and Scorecards for Executive Summaries
What are Groups and Scorecards?
- Groups: Segment users by department, role, risk level, or other criteria to focus analysis and interventions.
- Scorecards: Dynamic, behavior-based risk scores for individuals or groups, similar to a credit score, reflecting security behaviors such as phishing response and secure browsing.
How to Use Groups and Scorecards in Engage
- Create Groups: Organize users into meaningful groups (e.g., by department or risk profile) within HRCC.
- Generate Scorecards: Use Engage to produce personalized and group-level scorecards that aggregate behavioral data into a single risk score.
- Deliver Executive Summaries: Aggregate scorecard data at the group or company level to create executive dashboards and reports that highlight overall risk posture and trends.
Demonstrate Behavior Improvement Needs
- Use scorecards to identify behaviors that require improvement across the organization.
- Highlight specific risky behaviors or user segments that contribute most to human risk.
- Present comparative data to show how different groups or departments perform relative to each other.
Combine Scorecards and Nudges to Drive Better Security Behavior
What are Nudges?
Nudges are targeted, real-time, just-in-time feedback messages delivered to users to encourage positive security behaviors or alert them to risky actions. They can be triggered by behavior or other factors you choose.
How to Use Scorecards and Nudges Together in Engage
- Identify At-Risk Users: Use scorecards to find users with specific weaknesses.
- Target Nudges: Configure nudges to deliver personalized messages addressing these weaknesses.
- Reinforce Positive Behavior: Use nudges to recognize and reward good security practices, motivating users to maintain or improve scores.
Benefits
- Drives adoption of better security behaviors by providing timely, relevant feedback.
- Helps users recognize and mitigate their individual risks.
- Supports a culture of continuous security improvement.
Present Insights Regularly to Highlight Impact and Improvements
Why Regular Presentation Matters
Consistent communication of human risk insights keeps stakeholders informed, maintains engagement, and demonstrates the value of security initiatives.
How to Present Insights Using Engage
- Schedule Regular Reports: Deliver monthly or quarterly scorecard summaries and trend analysis to executives, managers, and relevant teams.
- Highlight Key Metrics: Focus on overall risk scores, behavior improvements, and areas needing attention.
- Showcase Impact: Include data on how security initiatives have reduced risk, improved behaviors, and strengthened security culture.
- Use Visual Dashboards: Leverage Engage's dashboards for clear, actionable visualizations.
Tie Human Risk Metrics to Business Outcomes to Justify Investments
Why Link Metrics to Business Outcomes?
Connecting human risk data to tangible business results, such as incident reduction and cost savings, builds a compelling case for continued investment in security programs.
How to Link Metrics in Engage
- Quantify Incident Reduction: Use scorecard trends to show a decrease in risky behaviors that lead to security incidents.
- Calculate Cost Savings: Leverage ROI calculators or internal cost models to estimate savings from fewer incidents, reduced SOC labor, and optimized training.
- Report Business Impact: Include these financial and operational benefits in governance reports to executives and the board.
Example Outcomes
- Significant reduction in incident cleanup costs due to improved user behavior.
- Lower SOC workload and associated labor.
- Reduced training expenses by targeting only high-risk users.
Step-by-Step: Using Mimecast Engage to Achieve Governance Reporting Goals
| Step | Action | Description |
| --- | --- | --- |
| 1 | Integrate Data Sources | Connect phishing, endpoint, DLP, HR, and other security tools to Mimecast Engage for comprehensive data collection. |
| 2 | Aggregate Data and Create Groups | Segment users by department, role, or risk level to focus analysis and interventions. |
| 3 | Generate Scorecards | Produce personalized and group-level scorecards showing risk scores and behavior trends. |
| 4 | Identify Risky Behaviors | Analyze scorecards to find behaviors and user groups needing improvement. |
| 5 | Configure Nudges | Set up targeted nudges to deliver personalized feedback and encourage better security practices. |
| 6 | Schedule Regular Reporting | Deliver executive summaries and trend reports regularly to stakeholders. |
| 7 | Highlight Impact | Present data showing improvements in security behavior, risk reduction, and culture. |
| 8 | Link to Business Outcomes | Quantify and report cost savings and incident reductions tied to improved human risk metrics. |
| 9 | Iterate and Improve | Use feedback and data trends to refine scorecards, nudges, and reporting for continuous improvement. |
If you need further assistance setting up or optimizing your governance reporting with Mimecast Engage, contact your Mimecast support representative or consult the Mimecast Engage guides & resources.