A CISO’s Guide to an Effective Cybersecurity Metrics Program
This briefing is based on the findings of a cross-sector task force of CISOs and staff who shared their challenges and best practices for developing and using security metrics to drive decisions within their organizations. Topics discussed include: (1) defining security metrics; (2) identifying criteria for an effective security metric; (3) adopting a metrics framework; (4) methods for metrics reporting and decision-making; (5) guidance for initiating a metrics program; (6) strategies for expanding the program; and (7) tools members use to collect and report metrics. Supporting tools that will be shown during the briefing include the Security Metrics Selection Compendium, which includes a self-assessment for assessing controls maturity and selecting metrics, Top 20 “must measure” metrics, and links to references that contain supporting metrics. Please join members of the Task Force as they share visuals and key insights to help you improve the effectiveness of your Cybersecurity Metrics Program.

Speakers:
• Arlan McMillan, CISO, Kirkland & Ellis LLP (Executive Sponsor)
• Mark Brashear, Security Operations Manager, Illinois Tool Works
• Jeff Morgan, Associate Director, Humana
• Scott Schmuhl, CISO, Merrick Bank
• Alexandra Zafra, CISO, Intercept Pharmaceuticals


