Andrew Storms, New Context, Vice President of Security Services

Define Security Metrics That Are Valuable Across the C-Suite

  • Focusing on metrics just to have metrics won’t help keep an organization secure. Instead, the focus should be on metrics that are specific to the company.
  • Focus on metrics that you can track and improve consistently over time rather than focusing on whatever metrics happen to look good when security is questioned.

“We need to agree on the metrics that make the most sense to everybody across the entire C suite.”

It seems like every week a new security threat hits the Internet. From malware to phishing and distributed denial-of-service attacks, every time an organization figures out which threat is most important, a new one pops up. That leaves organizations constantly scrambling to ensure that they’re protected. For chief information officers and chief information security officers, that means spending a lot of time trying to explain to members of the C suite why they must invest capital in specific security technologies and functionality.

This is an excerpt from Using Security Metrics to Drive Action. The eBook was generously sponsored by Tenable.