You might not find these measurements on a standard cybersecurity department checklist. But they can help evaluate risks you haven’t even considered yet.
A regular audience with executive management and the board is part of the CISO role now. And security leaders know they need to bring measurable information to the conversation to explain and justify their performance and spending. Metrics are no longer optional in security management, and if risk leaders aren’t tracking elements such as mean time to detect and respond, and attack frequency, they are leaving out a valuable aspect of a holistic security program.
But what else should we be measuing? Are there new, different or emerging measurements that address other concerns?
Recently we brought you the worst metrics used in security. This time, we’ve asked security professionals what they think are overlooked or newly emerging metrics that can help make the case for security in new ways.
(Continued on next page)
Joan Goodchild is a veteran journalist, editor, and writer who has been covering security for more than a decade. She has written for several publications and previously served as editor-in-chief for CSO Online. View Full Bio