The CISO dashboard is a challenge for all from senior members of the board to the security professional tasked with preparing the "deck." It is too detailed to some or too long and technical to others, or it is not quantifiable and lack the "So what?" factor. Security metrics can tell a story when the right metrics are in place and aligned to the business strategy and organizational capabilities. The results of these metrics, both key risk Indicators and key performance indicators, which are key components of continuous security (risk) monitoring, should dictate security as well as business initiatives.
Learning objectives:
1. Implement an effective CISO security risk dashboard detailing security risk posture for divisional management, senior management and the board to enable risk-based decision making at the enterprise level.
2. Identify key security metrics such as key risk indicators, key performance indicators and be able to generate a story.
3. Demonstrate the foundational knowledge to enrich the CISO storyline by monitoring the results of the metrics via continuous risk monitoring.