Irene Corpuz: When Reporting Security Initiatives To Management, Keep It Simple
Reporting to a government agency is more complex than to a CEO or director, who typically prefer less technical analysis. Training and awareness among the team are just as important as compliance. "To some, they hate measures, but to people who understand why measures...
Daryl Flack: Foundational Metrics Help Build A Security Narrative
Metrics are useful tools for viewing a snapshot of security, but those metrics are meaningless unless a relevant and understandable narrative go with them. Achieving compliance doesn’t necessarily mean that your organization is secure. Communicating the intent of the...
Kyle Hastings: Communicating Security Requires Two Vocabularies
Ask the C-suite or the board what their top management concerns are to understand what the business’s risks are. Then you need to examine if they are comfortable with the risk levels in these top areas of concern. Making metrics meaningful to the CEO or the board...
Istvan Rabai: Security Metrics Are About People And Money
If you want the CEO to understand the importance of security investments, frame the message in a language he or she understands, by providing metrics, real-world examples, and monetary results. Educating both senior management and network users on the threats the...
Andrew Green: Focus On Security Metrics That Demonstrate Cyber Resilience
Moving towards greater sharing of metrics is key for the collective attack surface to be reduced. Frame security metrics in a meaningful, understandable context to ensure that CEOs and other executives understand not only the risks the organization faces but also the...
Shaju Bhaskaran: Metrics And Industry Comparisons Create A Complete Security Picture
Focusing on operational metrics may allow you to present impressive numbers, but it will do nothing to tell the CEO just how secure the organization is, so it’s important to focus on critical metrics that have deeper meaning. When communicating security levels to the...
Aanchal Gupta: With Security Metrics, Every Picture Tells A Story
Tracking externally reported incidents will help you determine whether your security preparedness is trending in the right direction. Don’t try to tell the whole story verbally. A data-rich trend graph can be much more compelling and convincing than any speech. "Right...
Arnaud Laudwein: There’s More To Security Metrics Than Raw Numbers
Presenting a report filled with metrics to CEOs and executives doesn’t provide an understandable picture of security. They need context to understand how the metrics translate to business objectives. Meeting compliance requirements doesn’t mean that nothing else needs...
Cedric Thevenet: Metrics Must Show Security Expenditures Provide The Right Level Of Protection
In considering which metrics best tell the bank’s security story at an executive level, maturity statistics are among the most important. For each business line, we evaluate the highest risks, our exposure to them, and their potential business impact. "Banks take...
Russell Hoffman: One Way To Measure Treasury Value Is By How Strategic It Is
How effectively companies leverage treasury to manage risk often comes back to the objectives of the business and their ability to invest in systems that are treasury enablers. Modern treasury gives the CFO a new level of confidence in critical financial information...
