The book includes insights from the following experts:
- Aanchal Gupta, Skype, CISO, With Security Metrics, Every Picture Tells a Story
- Aaron Weller, PricewaterhouseCoopers, Senior Managing Director of Cybersecurity & Privacy Practice, The Best Security Metrics Are Actionable
- Adam Ely, Walmart Global eCommerce, VP of Information Security, Choose Security Metrics That Tell a Story
- Andrew Storms, New Context, Vice President of Security Services, Define Security Metrics That Are Valuable Across the C-Suite
- Ben Rothke, Nettitude, Ltd., Senior eGRC Consultant, CEOs Require Security Metrics with a High-Level Focus
- Charles Tholen, Cognoscape, Owner & CEO, Security Metrics Need to Show That Things Are Getting Done
- Chris Mark, PCI National Practice Director, AT&T, Security Metrics Make Sense Only in the Context of Risk
- Daniel Riedel, New Context, CEO, Security Metrics Help CEOs Balance the Cost of Loss Against the Cost of Protection
- Dave Shackleford, Voodoo Security, CEO and Principal Consultant, Make Security Metrics Your Chaos Indicator
- Ed Adams, Security Innovation, President & CEO, Government Agencies Rely Too Heavily on Compliance
- Elena Kvochko, Barclays, Head of Global Cybersecurity Strategy and Implementation, For Financial Services, Security Means Trust
- Jake Kouns, Risk Based Security, RVAsec, CISO and Co-Founder, To Be Thorough, Include Vendor Security Metrics
- Jason Remillard, Dimension Data, Principal Security Consultant, Business Leaders Must Relate to Your Security Metrics
- Julian Waits, PivotPoint Risk Analytics, CEO, Using Security Metrics to Defend the Business
- Keyaan Williams, CSIO Programs, EC-Council Senior Executive, Proactively Communicate the Right Security Metrics—Before the CEO Asks
- Dave MacLeod, Welltok, Vice President, CIO/CISO, Use Security Metrics to Present a Strong Action Plan
- Prasanna Ramakrishnan, Phillips, Global Head of Infosec Risk, To Lead as a CISO, Explain the Business Impact of Security Risks
- Nikk Gilbert, ConocoPhillips, Director of Global Information Protection and Assurance, Good Security Metrics Build Relationships and Trust
- Roy Mellinger, Anthem Inc., Vice President IT Security and Chief Information Security Officer, Security Metrics- It’s a Composite Image
- Scott Singer, PaR Systems, CISO, Present Security Metrics Using Risk-Based Language
- Robin “Montana” Williams, ISACA, Business Development Executive, U.S. Public Sector & Cyber Evangelist, A Strategic Approach to Understanding and Measuring Cybersecurity Risk
- Roota Almeida, Delta Dental of NJ, Head of Information Security, Security Metrics Must Demonstrate Effective Security Governance
- Shawn Lawson, SVB Financial Group, Director of Cyber Security, Communicating Security Takes More Than Raw Metrics
- Steven Parker, The Advisory Board Company, Senior Director Information Security, Governance, Risk, and Compliance, Security Metrics- The More You Know, the More You Grow
- Tim Prendergast, Evident.io, CEO, Security Metrics Should Show How Well You’re Adhering to a Plan
- Trevor Hawthorn, Wombat Security Technologies, CTO, Security Metrics Need Validation and Context
- Troels Oerting, Barclays, Group Chief Information Security Officer (CISO), For Financial Services, Security Means Trust
- Vikas Bhatia, Kalki Consulting, CEO & Founder, The Key- Linking Security Metrics to Business Objectives
- J. Wolfgang Goerlich, Creative Breakthroughs Inc., Director of Security Strategy, Strengthen Security by Gathering Quality Threat Intelligence Metrics
- David MacLeod, Welltok, Vice President and Corporate IT and CISO, Use Security Metrics to Present a Strong Action Plan
- Gary Hayslip, City of San Diego, Deputy Director and Chief Information Security Officer, Good Security Metrics Are a Work in Progress
- Genady Vishnevetsky, Stewart Title Guarantee Company, CISO, Security Metrics Are About Illustrating Criticality vs Risk
- Jonathan Chow, Live Nation Entertainment, SVP, Chief Information Security Officer, With Security Metrics, You Don’t Have to Sweat the Details
- Omkhar Arasaratnam, Credit Suisse, Head of Cyber Security for Technology Security Services, When It Comes to Security Metrics, Get S.M.A.R.T.
Using Security Metrics to Drive Action was generously sponsored by Tenable.
Your chief executive officer (CEO) is worried. He’s spending more money on IT security. Even though he was assured that his latest IT security technology investments and policies are making the business safer, year after year, he sees organizations victimized by high-profile, costly breaches that severely damage business reputation and brand image. He’s even seen some CEOs forced to resign because of their failure to protect customer data.
Security is a growing concern in the C-suite, but conversations about security often leave executives unsatisfied and even confused. Why? Because the person responsible for implementing corporate security—the chief information security officer (CISO)—fails to discuss security in terms the other executives can understand. In fact, this “techno-gibberish” is typically why CISOs tend to be held in lower regard than other executives.
We decided to find out how to help CISOs and other IT security leaders reduce their “geek speak” and talk more effectively about security to other C-level executives and the board. With the generous support of Tenable, we asked 33 leading IT security experts the following question:
Your CEO calls and asks, “Just how secure are we?” What strategies and metrics do you use to answer that question?
If you are seeking a magic security metric that will dazzle CEOs and directors, you know that there’s no one-size-fits-all metric. That said, the contributors to this e-book, based on their knowledge and experiences, believe that many security metrics are highly relevant to business strategy discussions. It’s important to keep context in mind when choosing those metrics, but even the most relevant metrics need the right kind of presentation.
In this e-book, CISOs will discover metrics that support a wide variety of business situations and gain valuable insights that can strengthen their position in the C-suite.