Communicating Security Takes More Than Raw Metrics
- A set of security metrics can give you a picture of the state of your security, but it doesn’t necessarily give you the whole picture. For that, use metrics to create and illustrate trends over time.
- At the board level, security metrics are just noise. Instead, use those metrics to create a picture that assures the board that everything is OK.
“Metrics are a moving target, really. We’re actually in the process of trying to build better metrics.”
Shawn Lawson is the director of cyber security at Silicon Valley Bank, and he’s been in the security industry for about 20 years, so he’s seen a lot change and grow in the industry—including security metrics. “It’s a moving target, really,” he says. “Today, we’re actually in the process of trying to build better metrics.”