Welcome to NBlog, the NoticeBored blog

I may meander but I'm exploring, not lost

Jan 25, 2016

Metrics thought for the day

Where relevant, using current business metrics (also) for information risk and security purposes can be cost-effective if suitable raw data are already being gathered: the additional analysis, reporting and use incur relatively little incremental cost, especially if largely automated.

Corollary: when searching for metrics in any area of information risk and security, don't forget to check through existing business metrics alread in use for anything suitable, either as-is or with minor changes.

It would be easier to identify such metrics if the organization maintained a metrics inventory or database ...