“Across the industry, there are CSOs and security programme managers who still don't get it, who think security-related metrics are a waste of time or who don't have a clue where to look to build a metrics program. Every business manager to develop and deliver programs and services that demonstrate measurable results, whether good or bad, positive or negative - and that includes security”, writes George Campbell in Security Technology and Design.
“How many CEOs can you count who have been sacked for having bad performance metrics? If you are a security manager looking across the table at your information security counterpart, he or she can drown you in measures and metrics to assess the effectiveness of his or her safeguards. These are all metrics-rich functions led by managers who understand and depend on specific measures and associated metrics”.
For the full article, see
http://articles.directorym.net/Its_Time_to_Get_Security_Metrics_Savvy-a879674.html
