If You Can’t Measure It, You Can’t Manage It
In this exclusive podcast series, “Take Back Control of Your Cybersecurity Now,” Paul Ferrillo and Christophe Veltsos share insights from their recently released book of the same name. By explaining top threats and cyber risks in plain language, Ferrillo and Veltsos not only illustrate today’s perilous landscape, but also build a convincing case for why cybersecurity must be a key business priority.
Building good metrics and delivering sound reporting is an important part of the CISO’s job, but it is not an end in and of itself. The purpose of regular security reporting is to create an ongoing story that helps directors and other executives understand whether the current strategy is working or if changes, such as an investment in cognitive security solutions, are needed.
How to translate numbers into cyber risks is the focus of this episode of the “Take Back Control of Your Cybersecurity Now” podcast series. Paul and Chris reiterate the need to close the communications gap between CISOs and boards and recommend principles for better metrics reporting, including focusing on key trends, avoiding information overload and repackaging data in terms of how risks are impacting the business.
You may also want to read the IBM Institute for Business Value report on cybersecurity in the cognitive era mentioned during the episode.