Tom Bowers, Technical Editor, Information Security magazine, presented this session at Information Security Decisions...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
Most discussions of security metrics focus on abstract theory -- how to measure security using complex equations that are only practical in a "perfect" world. This session takes the opposite tack, honing in on real-world methods for developing security metrics given the technical and cultural constraints within the modern organization. Tom Bowers, manager of information security operations at a large pharmaceutical company and technical editor for Information Security, offers insight into metrics that work for his company and other organizations he's familiar with. Tom details current, real-world projects and explains how he and his fellow security practitioners demonstrated value to the business units, as well as the CFO and CIO, without expensive, time-consuming academic formulas.
Download this presentation and learn:
- The theories for generating metrics and if they apply to security
- Where to find measurable security statistics
- Practical low/no cost tools available
- Tips on presenting the business value where ROI is difficult to justify
- How to leverage security events occurring outside your company in your presentation