All CISOs should track metrics to support their security programs. Security metrics are crucial to decision making, budgets and executive reporting. But what should be tracked besides the total number of vulnerabilities and remediations? Scott Hollis recommends two key metrics to start with, and discusses the need for contextual information in Using Security Metrics to Drive Action.
This article appears as part of Tenable’s Level-up Your IT Security BrandPost initiative hosted by CIO.com this month.