For example: if you can pick 20 metrics that encapsulate a number of the CIS Critical Controls and work like crazy to keep your environment to those then you will likely get more benefit than spending your time on more sophisticated approaches.

Both Easterly and Zhora emphasize the need for organizations to embrace cybersecurity as an enabler for confidently achieving business objectives. Zhora notes that forgoing expansion opportunities due to cyber risks can sometimes pose greater existential threats than pressing forward despite potential dangers. Calculated risk-taking is necessary to

Now, let's think about this example in terms of cybersecurity.Your organization uses the NIST cybersecurity framework as a scoreboardto say, here's where we are in terms of our cyber maturity score.We think the attackers are currently ahead of us, and we need to increaseour maturity on these three important items before the end of the year.And if