A Few Good Metrics

Metrics have a bad rep. Mention metrics
to a CISO and immediately his thoughts may well turn to sigmas,
standard deviations and, probably, probability. To many, metrics equals

There’s no denying that proven economic principles can—and should—be
applied to information security investments. At the same time, a bumper
crop of valuable metrics exist that don’t require classes on Nobel
Prize-winning theories or a working knowledge of the Greek alphabet.
You’ve actually already sowed the seeds of these less dense but equally
valuable metrics. They’re sitting in your log files, on your network,
in the brains of your business unit managers, just waiting to be
harvested. You won’t need computational prowess to exploit this crop’s
value, just some legwork and—this is key—the most effective
presentation tools.

Here we discuss five such metrics, along with some ways to present them
visually, as imagined by Andrew Jaquith. Jaquith is a cofounder of the
consultancy @stake (which was bought in 2004 by Symantec) and a protégé
of infosecurity guru Dan Geer.

Get the full article in CSO Magazine Online. This is a very good read. I will be using many of his suggestions in future security work.


Author: Xavier Ashe

Entrepreneur, Infosec Executive, CISSP, CISM, Ironman triathlete, traveler, UU, paleo, father of 8, goyishe, gamer, & geek. http://linkedin.com/in/xavierashe
