Security Metrics - Tell the Business a Story without Putting Them to Sleep presented at CISOchicago 2014

by Edward Marchewka,

Summary : We've all heard the mantra of ‰ÛÏyou can't manage what you don't measure.‰Û In this talk, Ed Marchewka will go beyond the standard discussion of ‰ÛÏyou must have metrics‰Û and dive into some of the true tactical approaches to security metrics and seek to answer the question, ‰ÛÏWhat should I measure?‰Û The session will then explore what comes after these security metrics are in place and examine how to bundle them together into something the business cares about in order to drive awareness, staffing, funding and support.