Tim Prendergast: Security Metrics Should Show How Well You’re Adhering to a Plan
If you see better results each time you run the tests, you know you have an effective security program that is reducing your attack surface. Metrics that measure the security IQ of people accessing your cloud environments are a good place to start. "There are two high...
Adam Ely: Choose Security Metrics That Tell a Story
Stay away from tactical metrics that don’t help executives understand the value of the security program. Use metrics to build a cohesive story that illustrates the probability of security issues, the potential damage that can be done, and steps necessary to reduce...
Nikk Gilbert: Good Security Metrics Build Relationships and Trust
Metrics can be a great way to establish the CISO’s integrity within the enterprise. Measuring metrics, both at the operational and strategic levels, is vital. "What I’m trying to do from a strategic point of view is find those metrics that are really going to resonate...
Keyaan Williams: Proactively Communicate the Right Security Metrics—Before the CEO Asks
Effective communication of security information—before the CEO asks—is a measure of a CISO’s effectiveness. Be intelligently selective about metrics: focus only on those that provide business value. "The way you develop your security strategy and align it to the...
David MacLeod: Use Security Metrics to Present a Strong Action Plan
When presenting security metrics to the CEO or board, a CISO should give them confidence that a strong action plan for responding to incidents is in place. The human element of information security is also important to highlight, so it’s wise to share metrics on...
Prasanna Ramakrishnan: To Lead as a CISO, Explain the Business Impact of Security Risks
Rather than presenting metrics that the CEO or board may not understand, a CISO should explain security trends of importance to the company. Visualizations such as infographics may aid in telling that story because they quickly capture executives’ attention....
Ben Rothke: CEOs Require Security Metrics with a High-Level Focus
It’s important to understand that CEOs just want to know that their systems are working and important data are safe. Be prepared for a discussion about what X dollars will buy in additional risk abatement and what the upside of that investment will be to the business....
Gary Hayslip: Good Security Metrics Are a Work in Progress
Metrics are key for putting cybersecurity into a business perspective. Use metrics to spell out your cybersecurity risks in hard dollar terms. "When you collect metrics, you’re collecting them to tell a story." Gary Hayslip found himself sitting next to the mayor of...
Rahul Goyal: Success Depends On Clearly Understanding Business Objectives
Working with a service provider, whether it’s for a specific project or broader IT management functions, frees up IT people to focus on what is most strategically important to the business. When deciding what to outsource first, begin with IT functions that have the...
Bret Carr: Outsource Everything That Relies On In-House Infrastructure
Midsize companies often get priced out of outsourcing options available to smaller companies and very large enterprises. Still, it’s not feasible for them to maintain the in-house expertise and infrastructure they need to run and grow the business. An application...