Information Security Program Metrics

In this story, we will look at the standards related to information security metrics, how to establish information security program metrics, the different audiences that consume those metrics, and the metrics for operational users and the board of directors.

What Is an Information Security Metric?

An information security metric is a measurable way to assess various aspects of an organization’s information security program, processes, and controls. In other words, track and evaluate the effectiveness…

Aakif Shaikh, CISSP, CEH, CHFI, CISA, GWAPT

Over 18 years of experience in a wide variety of technical domains within information security including information assurance, compliance, and risk management.