Foreword

By now it’s become cliché to say “You can’t secure what you can’t measure,” or similar variations on Lord Kelvin’s original pronouncement about the relationship between measurement and outcomes. Unfortunately, very few organizations follow this mantra effectively. In my view, this is one of the biggest indictments of the security profession as a whole; despite an ever-expanding litany of control frameworks, best practices, and guidance, no one seems yet to have asked (to paraphrase risk metrics guru Douglas Hubbard), “How do we know if any of this stuff is really working?!”

Well, after nearly 15 years of security consulting for Fortune 1000 organizations, I’m here to tell you the dirty little non-secret of IT security: no one really ...
