From the course: Program Management for Cybersecurity Managers: From Planning to Cross-Functional Coordination


Security metrics and reporting

- [Narrator] Without good metrics, you are driving in the dark with a dirty windshield. Let's talk about how to steer with clarity. You wouldn't drive cross-country without a clear view ahead and a dashboard to keep an eye on your car, so don't run your program without these either. Cyber threats are like carbon monoxide. You won't see them until it's too late without detection. Well-done metrics are more like fitness trackers than smoke alarms. They show trends over time and give you a basis for making adjustments. For example, if your mean time to detect is too high, you might invest in more detection capabilities. If patching lags, you might fix your processes. Metrics tell you where your next dollar will have the most impact. Metrics also bridge the language gap between us and senior decision makers. They translate risk into results, patching cadence, mean time to detect, and recovery time objectives. These speak in a language that boards understand. Here's a great example. Slow…
