LATEST INTELLIGENCE
2017 TRENDS IN SECURITY METRICS AND SECURITY ASSURANCE MEASUREMENT REPORT
A SURVEY OF IT SECURITY PROFESSIONALS
Most managers today have heard one or more variations of the old adages “What gets measured gets improved,” and “You can’t manage what you don’t measure.” Few, if any, business managers today, including IT security leaders, would dispute the idea that finding a way to measure and track performance has enormous benefit.

However, while the idea of measurement seems simple on the surface, and is almost universally acknowledged as a good business practice, applying the notion of measurement to IT security programmes can be very challenging.

Security metrics can help IT security teams measure the effectiveness of IT controls and demonstrate compliance with internal security policies, governance frameworks and regulatory requirements.

Security metrics can also be used to diagnose problems, identify weak links in your security posture, facilitate benchmark comparisons and drive performance improvement. And last, but most certainly not least, security metrics can be used by IT security teams to show business executives and boards how existing and planned IT security programmes align with business needs.

When it comes to IT security assurance measurement, it may be surprising that even in such a highly technical and data-oriented field as security, it’s not always clear how IT security metrics can and should be used to measure the performance of IT security programmes.

What approaches are IT organisations taking today in terms of security metrics collection, reporting, and usage? Who are security metrics shared with and how often?

Download whitepapers free from www.intelligentcio.com/me/whitepapers/
www.intelligentcio.com
INTELLIGENTCIO