Foundational Metrics Help Build A Security Narrative
- Metrics are useful tools for viewing a snapshot of security, but those metrics are meaningless unless a relevant and understandable narrative go with them.
- Achieving compliance doesn’t necessarily mean that your organization is secure. Communicating the intent of the compliancy requirements to your staff and ensuring they understand their importance will help make you more resilient.
“Security metrics support the ability to tell a story, but it’s the narrative that goes with the metrics and the strategy that goes around it that helps people visualize how you’re performing as an organization.”
“Security culture starts at the board and flows down to the organization’s employees,” says Daryl Flack, chief information officer (CIO) of BLOCKPHISH. “To provide value, you must understand what metrics are required to support your business objectives.”