CLIP THIS INQUIRY

Select a group:

Group Name
Create New GroupClip

CLIP THIS FLOW

Select a group:

Group Name
Create New GroupClip
This is the Performance Management report in The S&R Practice Playbook.

For Security & Risk Professionals

Develop Effective Security Metrics

January 17, 2012

By Ed Ferrara with Stephanie Balaouras, Nick Hayes

  • 2159 downloads
  • 0 comments
  • Rating:

Why Read This Report

This report outlines the benchmarks for Forrester's solution for security and risk (S&R) professionals looking to build a high-performance security program and organization. We designed this report to help S&R pros develop and report the appropriate security metrics for their security organization. Security metrics are a key initiative for chief information security officers (CISOs) today, but many struggle with picking the right metrics. Some CISOs use a broad-brush approach, using operational metrics to demonstrate security. The problem with this approach is that most people don't understand what the metrics are saying, and they don't understand how these metrics make their lives easier or harder. Good metrics are easy-to-understand, incite actions, and change behavior by providing a clear idea of why the audience cares. When CISOs present metrics, they must be able to clarify "What it means" and "What's in it for me?" Use this paper as a set of guidelines to develop a well-formed security metrics strategy and to drive behavior change and improve performance.
Tags: Security Operations, Security Program Governance, Security, Risk and Compliance
US $ 499
Become A Client

Get objective, pragmatic guidance that helps you make tough decisions and succeed in a complex world. Contact us to learn more.

Already A Client?
Log in to read this document.

TABLE OF CONTENTS

  • CISOS Continue To Struggle To Find The Right Metrics
  • CISOs Need A Security Metrics Strategy
  • Best Demonstrated Practices In Security Metrics
  • Best Practice No. 1: Be Very Selective In Picking The Metrics
  • Best Practice No. 2: Think Beyond The Security Organization
  • Best Practice No. 3: Focus On Reporting And Presentation
  • Forrester's Security Metrics Next Practices
  • Identify Challenges: Use Forrester's Security Metrics Maturity Model
  • Supplemental Material
  • Related Research Documents
 
Loading...

Browse

About Forrester

Forrester Research, Inc. is an independent research company that provides pragmatic and forward-thinking advice to global leaders in business and technology.

Roles We Serve

Forrester supports leaders in 13 roles across three distinct client segments: Business Technology, Marketing & Strategy, and Technology Industry.

Analysts & Coverage Areas

Aligned to your professional role, Forrester's analysts are experts in the specific technologies, issues, and trends currently impacting your business.

Research
Latest Reports
Playbooks
Charts & Figures
Forrester Waves
Planned Research
Data
Consumer Data
Business Data
Events
Forums
Webinars
Workshops
Tools & Templates
Vendor Selection Aids
Best Practice & Self-Assessments
Models & Calculators
Document Templates

Forrester Leadership Boards

Fresh thinking and collaborative problem-solving through an unmatched combination of peer networking, forward-looking analysis, and professional guidance.

Consulting

Our expert analysts provide custom research-based frameworks to guide you through each phase of your critical business initiatives from identifying opportunity to optimizing results.

Community

Connect with peers and analysts, share your views, and ask questions on key business issues.

Blog

Forrester analysts weigh in on the latest business and technology news.

  • BROWSE
  • Register
  • Call +1 617.613.5730
  • Cart