Trends Report

Measure The Effectiveness Of Your Security Operations

January 15th, 2015
Ed Ferrara
With contributors:
Stephanie Balaouras , Josh Blackborow


Information security programs have struggled with legitimacy with senior leaders for a long time. There are many reasons for this, but the root cause is the historical inability of CISOs to explain the business impact of information security, the risks facing the firm in business terms, and the business value of the information security organization. Senior leaders ask CISOs four questions: 1) Are we any more secure this year than last year? 2) Are we spending the right amount on information security? 3) Is cybersecurity contributing to the strategic and tactical objectives of the organization? and 4) Is cybersecurity protecting the interests of our customers? The right security metrics can help answer these questions and do more. For example, your team can harness the intelligence in log and event data to profile the firm's vulnerabilities, compare those vulnerabilities with potential attacks, and prioritize the appropriate defensive measures. Security metrics used in this way have the ability to enhance security decision-making. This report proposes a practical approach to metric selection that improves security posture and increases business alignment. This is an update of a previously published report; Forrester reviews and updates it periodically for continued relevance and accuracy.

Want to read the full report?

Contact us to become a client

This report is available for individual purchase ($1495).

Forrester helps business and technology leaders use customer obsession to accelerate growth. That means empowering you to put the customer at the center of everything you do: your leadership strategy, and operations. Becoming a customer-obsessed organization requires change — it requires being bold. We give business and technology leaders the confidence to put bold into action, shaping and guiding how to navigate today's unprecedented change in order to succeed.