Develop Metrics Capabilities to Communicate Risk to Business Stakeholders

Develop Metrics Capabilities to Communicate Risk to Business Stakeholders

Metrics continue to be a pain point in infosec—both in terms of getting a clear understanding of how the program is functioning and communicating that narrative across lines of business. At the center of this problem is the reality there is no one-size-fits-all solution. The best metrics are specific to your business context. In light of that, this session leans on fundamental best practices to help you pressure test your concepts. Topics covered include:

• How to figure out what to track, which data signals to look out for and what feedback loops you need within the org.
• Accessible risk quantification methodologies that add concrete detail to risk registers without requiring the complexity of models like FAIR.
• The pros and cons of major metrics tools and how to choose solutions that work for your org.
• Examples of executive-level cybersecurity metrics with guidance on when and how to use them.

Audience

This event is for IANS clients and invited guests — there is no vendor sponsorship or presence.