Are you measuring the value and effectiveness of your cybersecurity efforts? Most companies around the world are failing to do so, according to a recent security measurement index benchmark survey. Without establishing the proper metrics, you’re flying blind.
And even when organizations’ information security function does generate and deliver data about the business’ security, it typically never gets read.
“Many companies, while they’re making some effort in cybersecurity, they’re not looking at the effectiveness in terms of how it helps the business,” says Joseph Carson, chief security scientist at Thycotic, which created its Security Measurement Index (SMI) based on standards for security specified in ISO 27001 and best practices from industry experts and associations.