7 Tips for Choosing Security Metrics That Matter

Experts weigh in on picking metrics that demonstrate how the security team is handling operational efficiency and reducing risk.
Don't Fall Into the Trap of 'So What?' Metrics
Take Advantage of Big Data Tools and More Data Sources For Operational Metrics
Consider a 'Maturity' Metric
Map Metrics to Business Outcomes
Tailor Metrics to Business Objectives and Audience
Seek to Show Progress to the Board
Metrics Support Board-Level Narratives, Not the Other Way Around

Measuring security operations performance indicators, threat statistics, and risk levels is a core activity for senior security leaders running a cybersecurity program. The right security metrics can help CISOs and their lieutenants plan out their security roadmaps, track tactical and strategic progress, prove ROI on spending, and justify additional expenditures to the board.

However, choosing the right security metrics to track and using them well is easier said than done. Security veterans have long been working on finding the right mix of measurables that offer meaning and insight to the security team and to business stakeholders. Experts offer the following suggestions on how programs can get the most out of their security metrics.
