Most Organizations Don't Assess Time to Incident Detection as Key Security Metric
Infosecurity Magazine | July 25, 2013
“There’s a strong correlation between security products and metrics,” noted Tim Erlin, director of IT and risk strategy for Tripwire, which sponsored the survey. “Organizations most often build security metrics programs from the data up, rather than the business down, resulting in metrics supported by available security products, rather than focusing on those metrics that are meaningful to the business.”