Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Edge Articles

07:00 AM
Ericka Chickowski
Ericka Chickowski
Edge Features
Connect Directly

The 20 Worst Metrics in Cybersecurity

Security leaders are increasingly making their case through metrics, as well they should - as long as they're not one of these.

One Attack Risk Metric To Rule Them All

Says Brian Contos, CISO at Verodin: "'How secure are we from attacks?' When I see [a single] metric created [to answer this question], I cringe because generally the math is predicated on the juxtaposition of discovered vulnerabilities to patched vulnerabilities. That's a great metric to have when trying to understand how successful you are at patching vulnerabilities, and we should all, of course, be doing this. But it doesn't really address how secure you are from an attack.

"This [is gauged with metrics that] can be broken into categories, such as: How effective are my network, endpoint, email, and cloud security tools? How effective is my MSSP in adhering to their SLAs? How effective is my security team at responding to incidents? And how effective are the processes that my security team follows?"

(Image: Dmitry Sunagatov via Adobe Stock)

Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading.  View Full Bio
5 of 21
Print  | 
More Insights
Flash Poll