. https://www.tripwire.com/state-of-security/vulnerability-management/turning-data-metrics-vulnerability-story/
blog article
Cybersecurity Metrics in Business Context. As such, we as security professionals need to ensure we are providing data to the business, so they understand what it is we do and how it is we go about protecting them. The question herein is: What metrics should we provide? As technical folks, it’s easy for us to get caught up in the details. What we often forget is that executives and business-minded individuals have no idea what we’re talking about. They just smile and nod, but when it’s time to pull out the chequebook to fund an information security project, they won’t be able to justify the cost. Next time you are building an executive metrics deck, keep this in mind: If they don’t understand how you are saving them money, they won’t give you money to fund your projects. Vulnerability Management Metrics. One of the foundational areas for a security program is vulnerability management (VM). This blog post will focus on specific metrics that you should be looking at as part of the vulnerability management program. READ MORE