17 May 2006
Influencing senior management, a presentation on security metrics, gives a good overview of the factors to consider when developing a set of security metrics. The particular examples chosen may not suit every organization but, as examples, they illustrate the kinds of things worth measuring and reporting. The slides touch on Kaplan and Norton's classic 'balanced scorecard' approach but (as so many do) emphasizing 'scorecard' over 'balance'. Still, a worthwhile read if you, like me, are fishing around for useful security metrics.