In an environment where physical and cyber risks are increasing, it is critical that security organizations maintain well established security metrics to better control, track, and refine preparation, mitigation, and response operations to replace fear and uncertainty in organizational functions.
Executives are concerned with how secure their organizations are, the likelihood of a breach occurring, and what security programs are most effective at protecting people and assets. However, security metrics should provide visibility into operational effectiveness and illustrate the strategic value of those operations.
Using examples from security metric programs developed for federal and private security focused organizations, this presentation shares contemporary best practices for security metrics and measures for security organizations.
- Understand the challenges of designing security measures and metrics relevant to the current and future hyper-connected security landscape and ecosystem
- Understand how to present security measures and metrics that provide business value to leadership based on organizational maturity and culture
- Understand how to use and present different types of security metrics (lagging and leading strategic, operational, and tactical) to effectively convey the intended message based on the needs and interests of the audience