Document Controls
For Security & Risk Professionals
| Primary Analyst Photo | Document Information | Rate this Document |
|---|---|---|
 |
July 22, 2008 Best Practices: Security Metricsby Khalid Kark with Jonathan Penn, Alissa Dill, Allison Herald, Margaret Ryan |
Average: 8
(4 ratings)
|
This is an excerpt
Executive Summary
Security metrics are a key initiative for many chief information security officers (CISOs) today, but many of them struggle with picking the right security metrics and translating the operational measurements into meaningful metrics for business. Forrester interviewed more than 20 companies in various stages of their security metrics programs, and some that have successfully implemented them, to glean best practices and lessons learned from those efforts. The three main themes that came out of this research are: Be very selective in picking your security metrics, think beyond the security organization, and focus on reporting and presentation.
TABLE OF CONTENTS
- CISOs Struggle To Find The Right Metrics
- Best Demonstrated Practices In Security Metrics
- Security Metrics Best Practice No. 1: Be Very Selective In Picking The Metrics
- Security Metrics Best Practice No. 2: Think Beyond The Security Organization
- Security Metrics Best Practice No. 3: Focus On Reporting And Presentation
- Forrester's Security Metrics Next Practices
- Identifying Your Challenges
- Case Studies
- Supplemental Material
- Related Research Documents
Features
Self-Diagnostic Tool For Security Metrics Capabilities
This is an excerpt
Buy Risk-Free
Price: US $499
Our Service Guarantee: If you are not completely satisfied, return it for a full refund.
Already a Forrester Client?
Log in to read this document.
