Developing Key Performance Indicators for Security

Explore a comprehensive conference talk on developing effective key performance indicators (KPIs) for security programs. Learn practical steps to create meaningful metrics that can be communicated to leadership, facilitating better organizational risk management. Discover how to intelligently choose cybersecurity standards as a foundation for defense, select appropriate tools for audits and risk communication, and identify community-defined metrics for measuring risk posture. Gain insights into laying a strong foundation for security program management, understanding popular security control standards, and implementing Six Sigma principles in conjunction with CIS Controls. Delve into the process of defining controls, measures, and metrics, and see how automation can lead to improved reporting. Examine the future of information security and learn how to operationalize security program metrics effectively.

RSAConference 2019
Laying a Foundation
An Architecture for Security Program Management
WARNING!
Defining Appropriate Controls
Popular Security Control Standards
The Center for Internet Security (CIS) Controls (cont)
Key Principles for Version 7.0 & 7.1
Controls, Measures, Metrics, Maturity
Start with Attestations
Six Sigma and the CIS Controls
Controls, Measures, and Metrics Example
More Sample Measures / Metrics (CIS Control #1)
Defined Measures / Metrics Lead to Automation
Automation Leads to Reporting
The Future of Information Security
Operationalizing Security Program Metrics
For More Information