For Security & Risk Professionals

July 22, 2008 (updated January 17, 2012)

Develop Effective Security Metrics

by Ed Ferrara

with Stephanie Balaouras, Nicholas Hayes

This is an excerpt

Executive Summary

This report outlines the future look of Forrester's solution for security and risk (S&R) professionals looking to build a high-performance security program and organization. We designed this report to help S&R pros develop and report the appropriate security metrics for their security organization. Security metrics are a key initiative for chief information security officers (CISOs) today, but many struggle with picking the right metrics. Some CISOs use a broad-brush approach, using operational metrics to demonstrate security. The problem with this approach is that most people don't understand what the metrics are saying, and they don't understand how these metrics make their lives easier or harder. Good metrics are easy to understand, incite actions, and change behavior by providing a clear idea of why the audience cares. When CISOs present metrics, they must be able to clarify "What it means" and "What's in it for me?" Use this paper as a set of guidelines to develop a well-formed security metrics strategy, drive behavior change, and improve performance.

TABLE OF CONTENTS

  • CISOs Continue To Struggle To Find The Right Metrics
  • CISOs Need A Security Metrics Strategy
  • Best Demonstrated Practices In Security Metrics
  • Security Metrics Best Practice No. 1: Be Very Selective In Picking The Metrics
  • Security Metrics Best Practice No. 2: Think Beyond The Security Organization
  • Security Metrics Best Practice No. 3: Focus On Reporting And Presentation
  • Forrester's Security Metrics Next Practices
  • Identify Challenges: Use Forrester's Security Metrics Maturity Model
  • Supplemental Material
  • Related Research Documents
