Drive Action with Security Metrics

Who's at the wheel?

If you can’t track the time it takes to remediate business critical vulnerabilities, audit configurations, identify gaps, track trends, and communicate effectively with your organization’s senior management team, you can’t drive action.

Put yourself in the driver's seat.

Tenable helps you gather the key security metrics you need to improve the measurement of your cyber security program. With Tenable, identify gaps and blindspots. Ensure the senior management team in your organization understands your cybersecurity program. Clearly show how your security program aligns with the business goals of your company.

Get the eBook

Using SMART Metrics to Drive Action

Learn how Specific, Measurable, Actionable, Relevant and Timely (SMART) security metrics can help you better communicate security program effectiveness to executives and the board.

Learn More

Deeper Dive

Security Metrics Blogs

Establishing Relevant Security Metrics, Part 5: Keeping Metrics Relevant

by Marcus J. Ranum on December 16, 2015

In this video blog, Marcus discusses several ideas for presenting relevant security metrics to your management.

Establishing Relevant Security Metrics, Part 4: How to Establish Security Metrics

by Marcus J. Ranum on December 14, 2015

Marcus offers advice on starting a metrics program in this video blog.

Establishing Relevant Security Metrics, Part 3: What are the Top Security Metrics to Track?

by Marcus J. Ranum on December 11, 2015

In this video blog, you’ll learn the most important security metrics to track.

Establishing Relevant Security Metrics, Part 2: Why Keep Security Metrics?

by Marcus J. Ranum on December 9, 2015

In this video blog, Marcus discusses problems and opportunities inherent to security metrics.

Establishing Relevant Security Metrics, Part 1: What is a Metric?

by Marcus J. Ranum on December 2, 2015

In this informative video blog, Marcus defines "metric," relates security metrics to an organization's larger business goals, and discusses how data supports information security stories.

Creating Meaningful Metrics

by William Wade on December 1, 2015

Make metrics meaningful by creating metrics and reports based on what is important to your organization.

Which Security Metrics Matter Most?

by Scott Hollis on October 22, 2015

It’s important to assess which specific security metrics present the business with the most value.

Real-Time Situational Awareness: Never Say “I Don’t Know”

by Craig Shumard on October 22, 2015

Real-time or near-real time situational awareness ensures that you always know your security posture.

Getting Started with Security Metrics

By Marcus J. Ranum on October 2nd, 2015

Metrics can make security relevant to the business.

Using Security Metrics to Drive Action

By Scott Hollis on September 9th, 2015

Total vulnerabilities can be a misleading security metric; instead, start with average patch rate and scan coverage as your core metrics to best ensure security effectiveness and to minimize attack surfaces.

Bruce Schneier on Security Metrics that Matter

By David Spark on August 10th, 2015

I like to see metrics about people, processes, and technology.

The Average CISO Tenure is 17 Months—Don’t be a Statistic!

By Scott Hollis on September 18th, 2015

Rapid response to questions requires near real-time security posture data.

Why Be Normal? Especially if you Don’t Know What Normal Is!

By Marcus J. Ranum on November 14th, 2014

Figuring out what “normal” means is one of computer security's great challenges.

True White-Knuckled Stories of Metrics in Action: The Faculty Systems

By Marcus J. Ranum on September 19th, 2014

Keep your metrics relevant to the problem at hand by reasoning toward the problem, as your goal.

Establishing Your Own Metrics: What to Do

By Marcus J. Ranum on July 1st, 2014

Bottom up or top down? For best results, try a bit of both.

Establishing Your Own Metrics: What Not to Do

By Marcus J. Ranum on May 14th, 2014

Metrics are produced, not collected.

True White-Knuckled Stories of Metrics in Action: Sylvan

By Marcus J. Ranum on April 2nd, 2014

The order in which you present your metrics should support and reinforce them.

Security Metrics: What is a "Metric"?

By Marcus J. Ranum on March 13th, 2014

A metric is some data and an algorithm for reducing and presenting it to tell a story.

Security Metrics - Why Should You Care?

By Marcus J. Ranum on February 26th, 2014

Security metrics are data points that provide analytical insights into an enterprise security posture.