CHAPTER 12
Measuring a Cybersecurity Program
Measurement for measurement’s sake is a waste of time and money. It is not unusual for people to measure things simply because somebody—some edict or some policy—stipulates that things should be measured. Yes, measurement certainly has a role to play in making successful cybersecurity happen. But unless this role is thought through, measurement can degenerate into a meaningless exercise. This chapter describes a measurement approach that can help an enterprise assess the effectiveness of its cybersecurity program.
In the measurement world, the term meaningless has a number of nuances. Consider the ...
Get Enterprise Cybersecurity: How to Build a Successful Cyberdefense Program Against Advanced Threats now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
