Better Metrics Can Show How Cybersecurity Drives Business Success
The truth is that in today’s hyperconnected world, maturity-based cybersecurity programs are no longer adequate for combatting cyberrisks. A more strategic, risk-based approach is imperative for effective and efficient risk management (Exhibit 2).
Jim Boehm • The Risk-Based Approach to Cybersecurity
To improve decision making at this level, the metrics provided by the security team must be risk based and framed in a way that aligns with business drivers.
tenable.com • How to Improve Your Cybersecurity Decision-Making to Reduce Business Risk - Blog | Tenable®
Mostly, they seek out vulnerabilities, detect attacks, and eliminate compromises. Of course, the size of the attack surface and the sheer volume of vulnerabilities, attacks, and compromises means organizations must make tough choices; not everything gets fixed, stopped, recovered, and so forth. There will need to be some form of acceptable (tolerab
Stuart McClure • How to Measure Anything in Cybersecurity Risk
For example: if you can pick 20 metrics that encapsulate a number of the CIS Critical Controls and work like crazy to keep your environment to those then you will likely get more benefit than spending your time on more sophisticated approaches.
Phil Venables • 6 Truths of Cyber Risk Quantification
Remember, it's about people, processes, and technology. Technology provides the data; processes are the glue that brings it together and makes cybersecurity part of the business process. And the people element is about taking the organisation on a journey. We need to present our KPIs in a way the organisation will understand to stakeholders who are