Dave Shackleford, Voodoo Security, CEO and Principal Consultant

Make Security Metrics Your Chaos Indicator

  • Choose metrics purposefully. Tracking unapproved configuration changes makes sense; tracking the number of antivirus installations probably doesn’t.
  • CISOs should constantly chart their IT environment and keep tracked metrics close at hand, to be communicated at a moment’s notice.

“If you tell business people, ‘Hey, look at all these systems that have antivirus!’ Who cares? What does that even mean to me?”

Business is a language of measurable numbers—metrics. Any competent chief information security officer (CISO) can offer up metrics that help shape the C suite’s understanding of IT security and score resources needed to protect the environment, says consultant and industry influencer Dave Shackleford. But select them with purpose.

This is an excerpt from Using Security Metrics to Drive Action. The eBook was generously sponsored by Tenable.