Assess your firm's level of security metrics evolution — you'll fall somewhere between stage one, where you're too busy fighting fires to know what to measure, and the nirvana of stage four, where security, IT, and line-of-business executives use security metric data to drive risk management decisions. The most important areas in which to create security metrics are: business continuity, security configuration management, identity management, incident response, and security awareness. Do design your security metric definitions with machine-readability in mind for future automation, and don't focus solely on compliance — otherwise, you'll drive executives to pursue superficial fixes instead of addressing the underlying problems. Use personal accountability to your advantage; no one wants to run an "insecure" business unit or assume excess risk.
This is an excerpt