August 2010
1 post
Some thoughts on Information Security Metrics
We attended a CISO roundtable today and had a few takeaway thoughts on the development of security metrics.
What makes a good metric?
A good metric motivates tangible actions and desired results
Is easily understood by anyone, especially our peers outside of Information Security
Enables the business
Demonstrates the value of the security program to IT and the business