Security metrics – which work and which don’t!

When used effectively metrics can help identify strengths and weaknesses in controls and processes in an organisation’s cyber security program and provide a sense of the value being derived from it.

Not only can metrics measure how well a security program is doing, they are important when it comes to communicating results and overall progress to the C-suite. However, metrics are not an exact science and a key challenge that many cyber security teams have is finding and gathering the right metrics.