(Length: 4 pages)

January 20, 2006

How To Measure What Matters In Security

by Laura Koetzle

with Simon Yates, Khalid Kark, Sarah Bernhardt


Executive Summary (This is a document excerpt)

Assess your firm's level of security metrics evolution — you'll fall somewhere between stage one, where you're too busy fighting fires to know what to measure, and the nirvana of stage four, where security, IT, and line-of-business executives use security metric data to drive risk management decisions. The most important areas in which to create security metrics are: business continuity, security configuration management, identity management, incident response, and security awareness. Do design your security metric definitions with machine-readability in mind for future automation, and don't focus solely on compliance — otherwise, you'll drive executives to pursue superficial fixes instead of addressing the underlying problems. Use personal accountability to your advantage; no one wants to run an "insecure" business unit or assume excess risk.


This document falls under the following categories.

Analyst: Laura Koetzle
Technology: IT Management, IT Strategy, Planning, & Governance, Security & Risk, Security Operations
Geography: Asia Pacific, Europe, North America
