Cybersecurity In-Depth: Getting answers to questions about IT security threats and best practices from trusted cybersecurity professionals and industry experts.
If you can answer these six questions, you'll be off to a great start.
Question: What questions should I keep in mind to improve my security metrics?
Joshua Goldfarb, independent consultant: Security metrics is an area most organizations understand the importance of, but few do well in. While improving security metrics is a complex problem that requires a significant time investment, here are six questions to consider when looking to do so:
• Who is your audience? Before you can design and implement meaningful metrics, you need to know who they're for.
• So what? Measure what matters. If your audience is not interested in what you're measuring, it's of no value.
• Do you need all of that detail? Less is more. Report what answers the questions your audience wants you to answer. Anything beyond that reduces clarity and introduces confusion.
• Have you mapped to controls? Mapping metrics to controls allows us to more accurately measure risk within the organization.
• Are you reporting metrics regularly? Metrics are most valuable when they are living and dynamic, rather than snapshotted and static.
• Do you refine metrics? As metrics begin to lose their value or become less relevant, they must be adjusted or removed.