A key goal of my consultancy is to provide you with data that are genuinely useful. Recently, I had one client describe their existing IT security metrics as ‘coffee table metrics’, meaning the results looked pretty but they didn’t really tell him very much that was useful. What I gave him was a new set of metrics that ‘took the temperature’ of the risk dynamics occurring at multiple places within his IT estate. This let him see what his main risk issues were and gave him the understanding and measurements he needed to deal with those.
Drawing on my scientific training, I can design security risk metrics that will show you what is really going on within your environment.
Metrics that expose not just how much threat activity you are facing but the extent to which that activity is capable of causing you harm.
Metrics that expose not just how extensively a control has been implemented but its effectiveness at interceding in the progress of the threat and limiting the harm that threat can cause.
Metrics that show how much harm each threat is causing, and where to focus your effort to achieve the greatest effect.
As I have done for others, I can design for you a set of security metrics that will tell you what is going on within your IT estate, from an actionable risk perspective, and as broadly or as deeply as you might like. Some thoughts to help:
If you would like to know what data to collect and how to get meaningful risk-relevant insights, then please get in touch using the contact details at the top of this page.