For Security & Risk Professionals

May 16, 2007

Defining An Effective Security Metrics Program

by Khalid Kark, Paul Stamp

with Jonathan Penn, Sarah Bernhardt, Alissa Dill

This is an excerpt

Executive Summary

In a recent survey, Forrester found that the majority of security metrics programs are still in their infancy or planning phases. The respondents cited two main challenges in developing their metrics programs: finding the right metrics and translating the security metrics into business language. Many security managers are focused on gathering and reporting tactical and status-update information. To develop a successful security metrics program, CISOs need to identify, prioritize, monitor, and measure security based on business goals and objectives. They should then focus on translating those measurements into business language to help executive management make strategic business decisions.

TABLE OF CONTENTS

  • Security Metrics Are Still In Their Infancy
  • Seven Steps To A Successful Metrics Program

RECOMMENDATIONS

  • Five Tips On Developing Metrics That Matter With Executives

WHAT IT MEANS

  • Metrics Become The New Justification For Security Investment
  • Related Research Documents

RESEARCH CATEGORIES

Analyst

Khalid Kark

Technology

Security & Risk

Geography

Asia Pacific, Europe, North America