The CISO’s Guide to Metrics that Matter in 2021

How to Apply Metrics to Strengthen Security Programs and Articulate Value to Leadership

The security metrics that teams traditionally use lack context and fail to provide insights needed to make strategic decisions, leaving CISOs struggling to show ROI, identify critical gaps, and gain the support across the organization to mature their security program. This can leave security teams with a false sense of confidence and a less-than-optimal budget, all the while risk increases. By applying the security metrics that matter, CISOs can mature their security programs and articulate value to boards, peers, and technical team members.

Our latest version of the guide, updated for the 2021 landscape, includes:

  • Example of what metrics to use and not to use
  • How to derive meaning from metrics to show ROI, identify program gaps, and build budget
  • Communication frameworks to enable support across the business

Complete the form to access the guide:

More resources

The Most Effective Security Metrics for the Changing Risk Landscape

Moderator: Colin O’Connor, Chief Operating Officer, ReliaQuest Panelists: Joseph Burkard, Chief Security Officer, Alight Solutions John Childers, Director Information Security, Aqua America Mike Ortlieb, Director of IT Security & Privacy, Protiviti In the midst of the current economic and operational volatility, security has become even more visible across the enterprise and boards are asking security […]

How to Measure and Communicate the Value of Your Security Program

In trying economic times, it’s more important than ever to be able to measure and communicate the effectiveness of one’s cybersecurity program. Colin O’Connor, COO of ReliaQuest, offers a new alternative to traditional metrics. In this video interview, O’Connor discusses: Why measuring cybersecurity is so hard; How traditional metrics fail to translate; New ways to […]