Imagine you’re leading a team through dangerous territory to safety, constantly dodging attacks from an unseen enemy. To avoid the threats ahead, you have to keep everyone headed in the right direction. Would you rather be using a pedometer or a compass?

Knowing how many steps you’ve taken won’t get you to safety, but knowing if you’re going north instead of south will matter significantly. So unless you really like counting just for the sake of counting or you like taking on extra risk just for the thrill of it, you’d probably want a compass.

The real-world challenge of being a CISO today is not unlike this scenario, yet most CISOs are stuck with countless pedometers and no compass. If you’re a CISO, you’re inundated with reports and dashboards that measure all kinds of activities with precision, but none of them tell you if you’re truly headed in the right direction.

ReliaQuest has long understood this conundrum facing security leaders and developed a proprietary framework to measure your security programs’ maturity and performance: the Security Model Index. While our customers have been using the Model Index for years to understand how to improve their environment visibility, threat coverage, and team performance, we’ve recently made improvements to Model Index that expand the insights we generate and realign around three concepts you’re very familiar with: detection, investigation, and response.

ReliaQuest combines weighted scores across these three components to form a “compass” that helps you understand if your team is headed in the right direction to improve your security posture. Different levels of granularity in the Model Index metrics give you flexibility to cater to your audience. The indices provide directional data that can support strategic discussions with your board and your C-suite about areas needing investment. Drilling down into the underlying metrics yields detailed data that helps your security leadership and SOC teams make informed day-to-day decisions and improve operations.

Graphic depicting the metrics important to three stakeholder groups: for the board and C-suite, "enterprise-wide DIR capability snapshot" and "cyber risk management posture. For security leadership, "guide DIR strategy and maturity programs" and "support capability commitments." For SOC, "drive day-to-day decision making" and "observe outliers and leading indicators." image

Whether speaking to the board, evaluating security operations strategy, or making tactical decisions, the three pillars of Model Index help you answer questions to understand and improve your security operations program. For example:


  • How much of the environment can we see? Do we have adequate data source coverage?
  • Can we detect anomalous behavior everywhere and anywhere our business operates?
  • Do we have the necessary detection controls in place? Where do we need better detection coverage?


  • Is the team focusing on the right investigations?
  • Do we have the capability to gather the required data sets to investigate anomalous or malicious behavior?
  • Are we proactively identifying and investigating suspicious behavior in our environment?


  • How fast are we responding to and resolving issues? Where is the team spending time?
  • How can we more effectively qualify incidents and more quickly respond to incidents?
  • How can we better automate our workflow to save time?

Learn More

No matter where you are in your security operations journey, ReliaQuest can help guide you in the right direction. To learn about how GreyMatter and the Security Model Index can help you overcome security challenges and improve performance, reach out to request a demo.