Security Posture
What is Security Posture?
Security Posture: The overall strength of an organization's cybersecurity defences, expressed as its ability to predict, prevent, detect, respond to and recover from threats.
Security posture is the aggregate view of an organization's controls, people, processes and exposures at a point in time. It combines factors such as asset inventory accuracy, patch levels, configuration hygiene, identity controls, detection coverage, incident-response maturity and third-party risk. Mature posture management programs use automation (CSPM, ASM, vulnerability scanners) to continuously measure deviation from a defined baseline and feed prioritised remediation. Common metrics include risk scores, control coverage versus frameworks like NIST CSF or CIS Controls, mean times for detection and recovery, and reduction of the exploitable attack surface.
● Examples
- 01 A CISO presenting a quarterly dashboard showing posture trend across cloud, identity and endpoint.
- 02 A CSPM tool detecting posture drift when a storage bucket is made public.
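The baseline-deviation measurement and prioritised remediation described above, sketched as an added example (not code from this page or from any CSPM product). The baseline, asset names, severity weights, exposure multiplier and pass-rate metric are all constructed assumptions.

```python
from dataclasses import dataclass

# Constructed baseline: setting -> (expected value, severity weight 1-10).
BASELINE = {
    "storage_bucket": {"public_access": (False, 9), "encryption": (True, 6),
                       "versioning": (True, 3)},
    "vm": {"disk_encryption": (True, 6), "ssh_password_auth": (False, 7)},
}

# Constructed snapshot of observed configuration (hypothetical asset names).
SNAPSHOT = [
    {"id": "bucket-logs", "type": "storage_bucket", "internet_facing": False,
     "config": {"public_access": False, "encryption": True, "versioning": False}},
    {"id": "bucket-exports", "type": "storage_bucket", "internet_facing": True,
     "config": {"public_access": True, "encryption": True, "versioning": True}},
    {"id": "vm-build-01", "type": "vm", "internet_facing": True,
     "config": {"disk_encryption": True}},  # ssh_password_auth not reported
]

MISSING = "<not reported>"

@dataclass(frozen=True)
class Finding:
    asset: str
    setting: str
    expected: object
    observed: object
    priority: int

def assess(baseline, snapshot):
    """Return (drift findings, highest priority first; share of checks passing)."""
    findings, checks = [], 0
    for asset in snapshot:
        rules = baseline.get(asset["type"], {})
        for setting, (expected, severity) in rules.items():
            checks += 1
            observed = asset["config"].get(setting, MISSING)
            if observed == expected:
                continue
            # Unreported counts as drift; internet exposure doubles the weight.
            priority = severity * (2 if asset["internet_facing"] else 1)
            findings.append(Finding(asset["id"], setting, expected, observed, priority))
    findings.sort(key=lambda f: (-f.priority, f.asset, f.setting))
    pass_rate = (checks - len(findings)) / checks if checks else 0.0
    return findings, pass_rate

if __name__ == "__main__":
    for f in assess(BASELINE, SNAPSHOT)[0]:
        print(f.priority, f.asset, f.setting, f.expected, f.observed)
```

Treating an unreported setting as a deviation keeps gaps in measurement from inflating the pass rate.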
● Frequently asked questions
What is Security Posture?
The overall strength of an organization's cybersecurity defences, expressed as its ability to predict, prevent, detect, respond to and recover from threats. It belongs to the Defense & Operations category of cybersecurity.
How do you strengthen Security Posture?
Strengthening security posture typically combines technical controls and operational practices, as detailed in the full definition above.
What are other names for Security Posture?
Common alternative names include: Cybersecurity posture, Security stance.