The other day, I learned a great lesson about security metrics while getting a haircut. Initially, this may sound like a bit of an odd statement, but I promise it will make sense in the end. The woman ...

There are multiple metrics CISOs can use to improve the effectiveness of security efforts and demonstrate key business alignment, among other benefits. Measuring security performance may not sound ...

In 2023, the cybersecurity challenges in the Operational Technology (OT) and Industrial Control Systems (ICS) landscape reached unprecedented levels. Ransomware, increasingly prevalent through new ...

For security professionals, two free risk-management guides out this week provide directions on how to establish corporate security metrics, as well as tips on organizing risk-assessment and ...

Last week, I talked about the emergence of metrics in the management of IT risks. I asked for your feedback, and (thank you all very much!) I’ve already gotten many interesting responses from readers ...

With the US Securities and Exchange Commission requiring CISOs and boards of directors to increase the level of transparency around their organizations' cybersecurity capabilities and to speed up ...

A 2025 global survey found that 72% of business leaders have witnessed a recent rise in cyber risks. Simultaneously, organizations face a shortage of cybersecurity talent with the skills gap ...

CISOs are finding new measures to quantify the business value of cybersecurity investments that can show how a security team’s work supports a company’s top and bottom lines. Longtime security chief ...

How do we manage what we can’t measure? One of the cornerstones of the scientific method is measurability: a focus on defining the ways of counting or measuring aspects of reality that we hope will be ...

The National Defense Authorization Act for Fiscal Year 2017 (2017 NDAA) requires the Department of Homeland Security (DHS) to develop an annual report containing 43 specific metrics to measure the ...