Build a Security Metrics Program to Drive Maturity


Measure what matters to drive your cyber and information security maturity.

Major Business Pain Points

  • Many security leaders put off adding metrics to their program because they don't know where to start or how to assess what is worth measuring.
  • Sometimes this uncertainty leads them to believe that their security programs are not mature enough for metrics to be worthwhile.
  • Because metrics can become very technical and precise, it’s easy to think that they're inherently complicated (not true).

Recommendations

Key Points

  • The best metrics are tied to goals.
  • Tying your metrics to goals ensures that you are collecting metrics for a specific purpose rather than just to watch the numbers change.

Approach

  • A metric, really, is just a measure of success against a given goal. Gradually, programs will achieve their goals and set new, more specific goals, and with them come more specific metrics.
  • It is not necessary to jump into highly technical metrics right away. A lot can be gained from metrics that track behaviors.
  • A metrics program can be very simple and still effectively demonstrate the value of security to the organization. The key is to link your metrics to the goals or objectives the security team is pursuing, even if they are simple implementation plans (e.g., the percentage of departments that have received a security training course).

Methodology and Tools

Executive Brief

Read our concise Executive Brief to find out why you should build a security metrics program, review the methodology, and understand the four ways we can support you in completing this project.

  • Build a Security Metrics Program to Drive Maturity – Executive Brief
  • Build a Security Metrics Program to Drive Maturity – Phases 1-2

1. Link security metrics to goals to boost maturity

Develop goals and KPIs to measure your progress.

  • Build a Security Metrics Program to Drive Maturity – Phase 1: Link Security Metrics to Goals to Boost Maturity
  • Security Metrics Determination and Tracking Tool
  • KPI Development Worksheets

2. Adapt your reporting strategy for various metric types

Learn how to present different types of metrics.

  • Build a Security Metrics Program to Drive Maturity – Phase 2: Adapt Your Reporting Strategy for Various Metric Types
  • Security Metrics KPX Dashboard
  • Board-Level Security Metrics Presentation Template

All resources on this page are provided to Cyber Leadership Hub members under license from third parties including Info-Tech Research Group Inc, a global leader in providing IT research and advice.