Proactively Communicate the Right Security Metrics—Before the CEO Asks
- Effective communication of security information— before the CEO asks—is a measure of a CISO’s effectiveness.
- Be intelligently selective about metrics: focus only on those that provide business value.
“The way you develop your security strategy and align it to the business influences what kind of metrics you’re going to gather.”
Keyaan Williams thinks that a chief information security officer (CISO) who has been in the position longer than 90 days should never receive a nervous call from the chief executive officer about business security. The question should already be answered.