Cybersecurity Metrics: The Good, the Bad and the Ugly
Adrian Davis
Introduction: The Next Frontier of Risk Management: Cyber Risk
A Proposed Business-Oriented Approach to Cyber
A Practical Approach to Developing a Cybersecurity Programme
Regulations, Compliance and Cyber Risk Management
The Role of Cyber Risk in the Organisation
The Evolution of the Cyber Risk Role within the Three Lines of Defence
Quantifying Cyber Risk
Leadership and Culture: The Foundations of Cyber-Risk Management
Understanding the Cyber Risk Landscape: An Integrated Framework
The Transformation of Information Security: New Threats and Vulnerabilities
Cybersecurity Metrics: The Good, the Bad and the Ugly
Third-Party Risk Management
Cybersecurity’s Neighbourhood Watch: The Strength of Information Sharing
Cyber Risks in Business Continuity Management and Supply Chain Resilience for Financial Institutions
Cybersecurity Threats to the Critical Infrastructure
The True Meaning of Cyber Incident Response
Cyber Risk: Where We Have Been, Where We Are and Where We Are Going
INTRODUCTION
The management saying “What gets measured gets managed”, attributed to the great physicist Lord Kelvin, is just as applicable to information security as it is to marketing, finance or operations. However, information security has increasingly found that the measurements it can collect and present are not necessarily relevant to the business, the board and the wider non-information security community.
This chapter will examine how metrics can be collected, used and presented to: assist information security to run its operations efficiently and effectively; communicate to varying audiences what information security is doing and how it is supporting the business; and provide information upon which decisions can be based and plans drawn up. Effort – and time – is still being expended in collecting, and then presenting to audiences, data and statistics that do not inform, do not describe the breadth of information security and its achievements, do not provide organisations with an understanding of the status of information security and do not help answer the question, “Are we secure?”
WHAT WE MEAN BY METRICS
Unfortunately, the term “metrics” has a number of meanings within
Copyright Infopro Digital Limited. All rights reserved.