Security Metrics Should Show How Well You’re Adhering to a Plan
- If you see better results each time you run the tests, you know you have an effective security program that is reducing your attack surface.
- Metrics that measure the security IQ of people accessing your cloud environments are a good place to start.
“There are two high level questions the CEO wants answered: Is our security getting better or worse? and are we adhering to our security strategy?”
Security metrics that matter to the chief executive officer (CEO) depend on a lot of variables, including the organization’s maturity. “If we answer this question from the perspective of a mature organization,” says Tim Prendergast, “there are two high level questions the CEO wants answered: Is our security getting better or worse? and are we adhering to our security strategy?”