5 Rules for Cybersecurity Risk Metrics

metrics risk risk management Jul 14, 2022

Rules for Effective Cybersecurity Metrics

First, you must establish agreement among your leadership on the actual risk(s) to measure, then select which data will provide the most accurate representation of the risk.

The following are 5 fundamental rules for measuring cybersecurity risk:

  1. Select informative measures with actionable value to leadership
  2. Research other subject matter experts have done and worked
  3. Keep the math simple and clear
  4. Develop a standard reporting format and reporting governance
  5. Keep consistent and allow your measures and metrics to mature over time

Bonus rule: Gain buy-in from your stakeholders.



Author: Dr. Bill Souza | Jul 14, 2022 


Want Helpful Cyber Risk Tips Every Week?


You're safe with me. I'll never spam you or sell your contact info.