The book includes insights from the following experts:
- Charles Tholen, Cognoscape, Owner & CEO, Security Metrics Need to Show That Things Are Getting Done >>
- Jake Kouns, Risk Based Security, RVAsec, CISO and Co-Founder, To Be Thorough, Include Vendor Security Metrics >>
- Chris Mark, PCI National Practice Director, AT&T, Security Metrics Make Sense Only in the Context of Risk >>
- Daniel Riedel, New Context, CEO, Security Metrics Help CEOs Balance the Cost of Loss Against the Cost of Protection >>
- Robin “Montana” Williams, ISACA, Business Development Executive, U.S. Public Sector & Cyber Evangelist, A Strategic Approach to Understanding and Measuring Cybersecurity Risk >>
- Tim Prendergast, Evident.io, CEO, Security Metrics Should Show How Well You’re Adhering to a Plan >>
Using Security Metrics to Drive Action was generously sponsored by Tenable.
Your chief executive officer (CEO) is worried. He’s spending more money on IT security. Even though he was assured that his latest IT security technology investments and policies are making the business safer, year after year, he sees organizations victimized by high-profile, costly breaches that severely damage business reputation and brand image. He’s even seen some CEOs forced to resign because of their failure to protect customer data.
Security is a growing concern in the C suite, but conversations about security often leave executives unsatisfied and even confused. Why? Because the person responsible for implementing corporate security—the chief information security officer (CISO)—fails to discuss security in terms the other executives can understand. In fact, this “techno-gibberish” is typically why CISOs tend to be held in lower regard than other executives. We decided to find out how to help CISOs and other IT security leaders reduce their “geek speak” and talk more effectively about security to other C-level executives and the board. With the generous support of Tenable, we asked 33 leading IT security experts the following question:
Your CEO calls and asks, “Just how secure are we?” What strategies and metrics do you use to answer that question?
For anyone seeking a magic security metric that will dazzle CEOs and directors, you know that there’s no one-size-fits-all metric. That said, the contributors to this e-book, based on their knowledge and experiences, believe that many security metrics are highly relevant to business strategy discussions. It’s important to keep context in mind when choosing those metrics, but even the most relevant metrics need the right kind of presentation.
In this eBook, CISOs will discover metrics that support a wide variety of business situations and gain valuable insights that can strengthen their position in the C suite.