10 Security Metrics Categories CISOs Should Present To The Board
DARKReading, Wednesday, February 14th, 2024
Boards of directors don't care about a security program's minute technical details. They want to see how key performance indicators are tracked and used.
With the US Securities and Exchange Commission requiring CISOs and boards of directors to increase the level of transparency around their organizations' cybersecurity capabilities and to speed up breach disclosure to investors, cyber reporting and metrics have become an even bigger priority for companies this year.
Boards are turning the screws on their security and risk executives to bring a lot more rigor to how they track key performance indicators (KPIs) and key risk indicators (KRIs) - and how they use these metrics to advise and report to the board. Fundamental to both KPIs and KRIs are security operational metrics that track the scope of assets, cybersecurity activities around those assets, and measured security outcomes.