Save or Share this Report

For Security & Risk Professionals

Case Study: Verizon Business Builds An Asset-Based Security Metrics Program

July 22, 2008

Primary author headshot


  • By Khalid Kark
  • with Jonathan Penn,
  • Alissa Dill,
  • Allison Viglianti

Why Read This Report

In response to the evolving security threat environment and heightened attention to regulatory compliance, many companies started migrating from a purely reactive security program to a proactive risk-based security program. This has led to new challenges for chief information security officers (CISOs), who now need to convert the risk management vision set by the business into an actionable strategy for the security and risk management program. Sara Santarelli, CISO at Verizon Business, started moving her security practice in this direction five years ago when her team was developing an IP risk dashboard that is driven by "asset-based" metrics. Not only does this dashboard measure the effectiveness of the risk management program, but it also translates these measures into an actionable risk mitigation strategy. With asset-based testing and measurements, the results also provide the basis and justification for new security investments and projects.

Get Access

Already a Client?

Log in to read this document.

Become a Forrester Client

Customers are the new market-makers, reshaping industries and changing how businesses compete and win. Success depends on how well and how fast you respond. Forrester Research gives you insights and frameworks aligned to your role to shorten the time between a great idea and a great outcome, helping your teams win in the age of the customer. Contact us to learn more.

Purchase Report

This report is available for individual purchase ($499 USD).