Whether you are a new CISO starting out at a new organization or a tenured CISO coming under more scrutiny from executive leadership, a centralized metrics dashboard will help track goals and trends and satisfy multiple stakeholders within your organization. In this piece, we outline the basic metrics CISOs should consider for their dashboards.
At the highest level, CISO dashboards typically have two types of consumers: those who need tactical data and those who need strategic status.
Using the top metrics would be an example of satisfying stakeholders with tactical concerns, while strategic use cases would satisfy stakeholders with governance concerns. They should expect to see key risk indicators (KRIs) in conjunction with whatever framework you may be using, be it the NIST Cybersecurity Framework (CSF), ISO, etc.
A logical combination of each is the ideal, but consider starting with the tactical metrics. The idea is to design a dashboard with the flexibility to add as many key tactical metrics as needed based on business and risk drivers.
The first step is to outline “metric primitives” you can use to compose metrics you care about, given your business and risk drivers.
There are five main metrics areas to consider, each requiring progressively more sophistication:
October 19, 2021
By IANS Faculty