5 Rules for Cybersecurity Risk Metrics

Rules for Effective Cybersecurity Metrics

First, you must establish agreement among your leadership on the actual risk(s) to measure, then select which data will provide the most accurate representation of the risk.

The following are 5 fundamental rules for measuring cybersecurity risk:

  1. Select informative measures with actionable value to leadership
  2. Research other subject matter experts have done and worked
  3. Keep the math simple and clear
  4. Develop a standard reporting format and reporting governance
  5. Keep consistent and allow your measures and metrics to mature over time

Bonus rule: Gain buy-in from your stakeholders.



Author: Dr. Bill Souza | Jul 14, 2022 


50% Complete

Two Step

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.