What are the most important metrics to measure when building out your security program? One thing we learned on this episode is that, depending on your security program’s maturity, those metrics will always be different.
This episode of Defense in Depth is co-hosted by me, David Spark (@dspark), the creator of CISO Series, and Allan Alford (@AllanAlfordinTX), CISO at Mitel. Our guest is my co-host of the other show, Mike Johnson, CISO of Lyft.
On this episode of Defense in Depth, you’ll learn:
- There is no golden set of security metrics.
- Metrics you use to measure your security program this year won’t necessarily be the same ones you use next year.
- Use the NIST model to determine your security program maturity.
- Unlike B2C, B2B companies can use metrics to build a closer tie between security and the business.
- Regulations and certifications are one easy way to align security with the business.