Week by week, we are re-publishing a series of short information security metrics briefing papers originally delivered to subscribers of the NoticeBored security awareness service as part of the management-level stream.
Successive briefings describe a selection of metrics relating to a wide variety of information security topics. In the context of the security awareness program, their purpose is to encourage managers to think about and discuss the proposed metrics with the information security and risk specialists. The more enlightened among them might even apply the PRAGMATIC approach to evaluate and improve on them!
We are re-publishing the papers here in the same sequence in which they were originally written, but at an accelerated rate. As you follow the series, you may notice our thoughts on security metrics evolving over the period and, from time to time, new styles of metric being introduced. This is still a developing field!
Feel free to comment on these papers through the PRAGMATIC blog. We’d be interested in your feedback, such as the metrics you find most valuable in any of these topic areas.