Four principles for security metrics

October 31, 2019

The Panaseer Team

As a data scientist I cannot solve business problems if appropriate data is not available. However, this is the situation faced by security leaders on a daily basis – they have to make strategic decisions, which will impact their cyber security posture, without having access to the insights they need. How can they overcome the twin challenges of a lack of visibility (not enough of the right information) and a lack of confidence (untrusted information)? By developing a robust security metrics programme.

The ability to make informed operational security decisions based on trusted metrics, delivered via automated continuous controls monitoring, could enable security leaders to have confidence that their company and sensitive data are protected. This is evidenced by a July 2019 study, conducted by Forrester Consulting, which surveyed over 250 senior security decision makers in North America and Europe.

Over half (57%) of those surveyed said that having a range of security metrics, such as key performance indicators, key risk indicators, and service-level agreement metrics aligned to any security framework, would be an ‘extremely valuable’ capability in a cybersecurity solution.

You can read the full article by IT Security Guru here.