Getting Cybersecurity Metrics Right
Hi - Here's an article I wrote on cybersecurity metrics that just appeared in CISO Magazine. It features the perspective of Edna Conway of Cisco, Octavio Flores of P&G, and Howard Overdyk of Rockwell Collins.
Establishing a practical way to measure the maturity of a cybersecurity program is critical to managing risk. You can’t improve what you don’t measure. The question for many companies, however, is ‘what should we be measuring?’ Cybersecurity needs the right type of metrics. Selecting them starts with understanding the difference between measuring cybersecurity program maturity and measuring the resulting performance. It is critical to make a clear distinction between the two in order to develop metrics that are valuable to an organization and its board. For improving cybersecurity, program maturity metrics are the right way to start.
Here's a link to a preview of the full article.
https://www.cisomag.com/wp-content/uploads/2018/07/ciso-mag-july-preview-2018.pdf