Fact Not FUD - Managing What You Can Measure (AKA: Security Metrics)
All too often security programs are whipsawed by the hottest new fad or the latest Wall Street Journal article on a breach or vulnerability. This constant struggle to "grease the squeaky wheels" has distracted our focus from tracking the real metrics that determine our success (or failure). In this session, you will learn that there are more important (and much more effective) metrics to track than just "how secure are we." You will explore methods for determining how well you are managing the limited labor, capital, and technological resources in your quest to manage and mitigate risk. This session's focus will be on the efficacy and efficiency of your controls and how to elevate your game while providing the fundamental numbers back into the decision-making process instead of relying on instinct and your gut. We will provide concrete examples and techniques that will allow you to immediately start having a different kind of conversation with your management stakeholders about risks and how they can best be managed.