
9/19/2019
07:00 AM
Ericka Chickowski
The 20 Worst Metrics in Cybersecurity

Security leaders are increasingly making their case through metrics, as well they should - as long as they're not one of these.


Qualitative Metrics

Says Rob Black, founder and managing principal, Fractional CISO: "Qualitative cybersecurity metrics are horrible at successfully driving the correct organizational behavior. Many organizations use the high, medium, and low measurements for risk. This is wrong on so many levels.

"You would never hear someone in the finance department saying that we need 'high' to fund the project. They would give a number. So should cybersecurity professionals. Try getting 'medium' insurance. These qualitative metrics do not work for other lines of business. They should not be used by the security department. Qualitative metrics should go the way of the cubit!"

(Image: thevinman via Adobe Stock)

Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading.