The book includes insights from the following experts:
- Aanchal Gupta, Skype, CISO, With Security Metrics, Every Picture Tells a Story
- Julian Waits, PivotPoint Risk Analytics, CEO, Using Security Metrics to Defend the Business
- Dave Shackleford, Voodoo Security, CEO and Principal Consultant, Make Security Metrics Your Chaos Indicator
- Ed Adams, Security Innovation, President & CEO, Government Agencies Rely Too Heavily on Compliance
- Wolfgang Goerlich, Creative Breakthroughs Inc., Director of Security Strategy, Strengthen Security by Gathering Quality Threat Intelligence Metrics
- Jonathan Chow, Live Nation Entertainment, SVP, Chief Information Security Officer, With Security Metrics, You Don’t Have to Sweat the Details
- Vikas Bhatia, Kalki Consulting, CEO & Founder, The Key: Linking Security Metrics to Business Objectives
- Steven Parker, The Advisory Board Company, Senior Director Information Security, Governance, Risk, and Compliance, Security Metrics: The More You Know, the More You Grow
- Roota Almeida, Delta Dental of NJ, Head of Information Security, Security Metrics Must Demonstrate Effective Security Governance
Using Security Metrics to Drive Action was generously sponsored by Tenable.
Your chief executive officer (CEO) is worried. He’s spending more money on IT security. Even though he was assured that his latest IT security technology investments and policies are making the business safer, year after year, he sees organizations victimized by high-profile, costly breaches that severely damage business reputation and brand image. He’s even seen some CEOs forced to resign because of their failure to protect customer data.
Security is a growing concern in the C suite, but conversations about security often leave executives unsatisfied and even confused. Why? Because the person responsible for implementing corporate security—the chief information security officer (CISO)—fails to discuss security in terms the other executives can understand. In fact, this “techno-gibberish” is typically why CISOs tend to be held in lower regard than other executives. We decided to find out how to help CISOs and other IT security leaders reduce their “geek speak” and talk more effectively about security to other C-level executives and the board. With the generous support of Tenable, we asked 33 leading IT security experts the following question:
Your CEO calls and asks, “Just how secure are we?” What strategies and metrics do you use to answer that question?
If you are seeking a magic security metric that will dazzle CEOs and directors, you know that there’s no one-size-fits-all metric. That said, the contributors to this e-book, based on their knowledge and experiences, believe that many security metrics are highly relevant to business strategy discussions. It’s important to keep context in mind when choosing those metrics, but even the most relevant metrics need the right kind of presentation.
In this e-book, CISOs will discover metrics that support a wide variety of business situations and gain valuable insights that can strengthen their position in the C suite.