Who Watches the Watchers? Metrics for Security Strategy

Presented at BSidesLasVegas 2015 by

Security metrics are often about the performance of information security professionals; traditional ones are centered around vulnerability close rates, timelines, or criticality ratings. But how does one measure whether those metrics are the right ones? How does one measure risk reduction, or how successful your metrics program is at operationalizing what is necessary to prevent a breach?