5 Rules for Cybersecurity Risk Metrics
Jul 14, 2022
Rules for Effective Cybersecurity Metrics
First, you must establish agreement among your leadership on the actual risk(s) to measure, then select which data will provide the most accurate representation of the risk.
The following are 5 fundamental rules for measuring cybersecurity risk:
- Select informative measures with actionable value to leadership
- Research other subject matter experts have done and worked
- Keep the math simple and clear
- Develop a standard reporting format and reporting governance
- Keep consistent and allow your measures and metrics to mature over time
Bonus rule: Gain buy-in from your stakeholders.
Author: Dr. Bill Souza | Jul 14, 2022