Cybersecurity Metrics, KPIs and KRIs

Presented by

Gideon T. Rasmussen | vCISO and Consulting Principal, Virtual CSO, LLC

About this talk

This session provides practical advice to establish cybersecurity metrics, Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs). We begin with an explanation of the differences between them and why each are needed. Examples of how to design metrics, KPIs and KRIs are provided. Areas of focus include cybersecurity measurements for all organizations, for processes & functions and in alignment with a control framework. The end game is to measure if processes and controls are functioning as designed. We also walk through tips for communicating new metrics and go-to-green updates for metrics in red or yellow status. The session includes 22 metrics and seven resources for many more. All of this saves time and can assist with enhancing your program. About the speaker: Gideon Rasmussen is a Cybersecurity Management Consultant with over 20 years of experience in corporate and military organizations. Gideon has designed and led programs including Information Security (CISO), PCI - Payment Card Security, Third Party Risk Management, Application Security and Information Risk Management. Has diverse cybersecurity industry experience within banking, insurance, pharmaceuticals, DoD/USAF, state government, advertising and talent management. Gideon has authored over 30 information security articles. He is a veteran of the United States Air Force, a graduate of the FBI Citizens Academy and a recipient of the Microsoft Most Valuable Professional award. Gideon has also completed the Bataan Memorial Death March (4 occurrences). He is certified in many programs including CISSP, CRISC, CISA, CISM, CIPP, ITILv3, and NSA-IAM.

Related topics:

More from this channel

Upcoming talks (3)
On-demand talks (1834)
Subscribers (187521)
This channel features presentations by leading experts in the field of information security. From application, computer, network and Internet security to access control management, data privacy and other hot topics, you will walk away with practical advice for your strategic and tactical information security initiatives.