Content area
Full text
Note: Is your security program paying off for the business? Here are five high-level metrics that the executive suite needs to watch.
Information security specialists like to argue over a lengthy list of possible metrics to measure their systems' security posture.
For managers and executives, however, the picture needs to be simplified to a less controversial collection of measurements. While security administrators focus on technical metrics, managers and chief security officers have to focus on how IT security interacts with business, says Kevin Lawrence, senior security associate with IT security consultancy Stach & Liu.
"Everything comes down to whether the business impact is worth the...