Security teams have learned to measure activity. The harder task is turning those measurements into signals directors can use ...
For security professionals, two free risk-management guides out this week provide directions on how to establish corporate security metrics, as well as tips on organizing risk-assessment and ...
One of the most difficult aspects of managing risk in information assurance (IA) is that our statistical information is so poor. We don’t know about security breaches that we have not noticed; we ...
The National Defense Authorization Act for Fiscal Year 2017 (2017 NDAA) requires the Department of Homeland Security (DHS) to develop an annual report containing 43 specific metrics to measure the ...
For years, organizations have relied on traditional security metrics to measure their risk posture. Service-level agreements (SLAs), issue closure rates, and compliance checklists dominate dashboards, ...
Identity drift, stale access paths, alert fatigue, and risky change patterns are the security metrics most likely to predict a breach.
With the US Securities and Exchange Commission requiring CISOs and boards of directors to increase the level of transparency around their organizations' cybersecurity capabilities and to speed up ...
How do we manage what we can’t measure? One of the cornerstones of the scientific method is measurability: a focus on defining the ways of counting or measuring aspects of reality that we hope will be ...
There are multiple metrics CISOs can use to improve the effectiveness of security efforts and demonstrate key business alignment, among other benefits. Measuring security performance may not sound ...