A SANS 2021 Report: Making Visibility Definable and Measurable

Visibility does not lend itself to a precise definition—the meaning will differ depending on who is looking. Yet organizations need to establish a visibility strategy that complements their security profile in order to assess where they should direct resources to improve for the future. To achieve this, organizations need to take an interdisciplinary approach, as SANS did in this report. We sought insight from key individuals within SANS, including curriculum leads, instructors, and analysts. The common message which emerged was that good visibility encompasses the triad of people, processes, and technology.