Read Time:37 Second
Cybersecurity pros interested in metrics and measures frequently ponder and pontificate on what measures would be best to show the board of directors. That can be a tricky proposition because “we have to speak like the business” is also a mantra. Coming up with cybersecurity metrics from a business perspective can be a challenge. So how can we solve this problem and provide useful insight?
Well, first we have to recognize that the board level is the highest strategic level in the company. If you provide metrics on patch status and phishing test results, you are essentially admitting that your cybersecurity program is built on a few hodge-podge activities and a prayer.