Who is security metrics
Indeed, security leaders and their organisations have used a myriad of metrics over the years. But there are some metrics, or the right combination of measures and narrative, that are more useful than others. Curtis Simpson, CISO of the tech firm Armis and former CISO of Sysco Foods, believes metrics are more important than ever, considering the increasingly high stakes of getting security right and the growing board oversight in this space.
As such, he seeks out measurements that narrate how security helps the business achieve its objectives. As an example, he points to the metrics he used at Sysco, which had a stated goal of serving its global customers on a hour basis. Simpson acknowledges that particular metric might not work for other CISOs. He advises them to find the metrics that can help them measure security-related business impact, risk to key objectives and mitigation success over time.
Richard Stiennon, chief research analyst at IT-Harvest and author of Security Yearbook, says he worked with a company in the defence industry that tracked threats and categorised them from low level to weaponised and reported on that. In effect, he says, this company turned what is often a meaningless number (the number of threats) and gave it context that other executives and board members understand and can use to make meaningful decisions around investing in security improvements.
We do that by measuring the right things. The metrics you choose to track should be quantifiable and should influence behavior and strategy. They should tie to ongoing security efforts so you can monitor the progress of your framework over time.
Metrics also allow you to share security program insights with company executives in an objective, easy-to-understand manner. Hard numbers and benchmarks help avoid confusion and efficiently highlight areas for improvement. One of the most obvious and important security metrics is dwell time, which is the amount of time a threat actor has undetected access within a network before being completely removed.
This is relevant because the longer it takes for a company to contain an attack, the more it will cost. As pressure mounts for executives to make data-driven decisions, measuring security KPIs becomes more important than ever before. Documenting your cybersecurity program and using data to improve its efficiency can not only help you decide what steps to take next, but can also help your organization avoid fines, lawsuits, and other penalties.
GDPR is a recent data protection law put in place by the European Union that applies to any businesses handling data belonging to EU residents, even if that business is not an EU-based company. It aims to provide users with greater transparency and power over their sensitive data.
The security threats that modern organizations face are constantly multiplying and evolving, and consumers are choosing to share more data with companies than ever before.
Security metrics are an objective, quantifiable way to track progress and compliance in order to avoid breaches and in turn, fines and lawsuits. SecurityScorecard makes it simple to regularly monitor compliance across your entire digital ecosystem. Security ratings additionally provide you with the tools and intelligence you need to identify security shortcomings and improve cyberhealth across your organization.