security metrics
Want faster products and stronger trust? Build security in, not bolt it on
In this Help Net Security interview, Christopher Kennedy, CISO at Group 1001, discusses how cybersecurity initiatives are reshaping enterprise cybersecurity strategy. He …
GitLab CISO on proactive monitoring and metrics for DevSecOps success
In this Help Net Security interview, Josh Lemos, CISO at GitLab, talks about the shift from DevOps to DevSecOps, focusing on the complexity of building systems and integrating …
The evolution of security metrics for NIST CSF 2.0
CISOs have long been spreadsheet aficionados, soaking up metrics and using them as KPIs for security progress. These metrics have traditionally measured specific systems or …
Company executives can’t afford to ignore cybersecurity anymore
Asked about the Board and C-Suite‘s understanding of cybersecurity across the organisation, only 39% of respondents think their company’s leadership has a sound …
7 metrics to measure the effectiveness of your security operations
Given inflation and economic uncertainty, the cybersecurity industry is starting to experience budget cuts, despite a surge in ransomware attacks. As more budgets are going …
The cybersecurity metrics required to make Biden’s Executive Order impactful
For too long, both the private and public sectors have not prioritized cybersecurity efforts enough and only acted in “good faith” – an inadequate effort to improve …
What prevents companies from achieving effective security performance management?
Cybersecurity performance is critical to achieving commercial success, according to a BitSight study. Among the study’s most interesting findings is that nearly two in five …
CISO do’s and don’ts for board reporting
Security is no longer just a job for IT – it impacts all areas of a business, from brand perception to the bottom line. As a result, CISOs are increasingly being asked to …
Structural integrity: Quantifying risk with security measurement
In my previous post, we set up the foundation for a risk quantification program. Many organizations have begun this part of their security strategy and are learning how to …
Most organizations suffered a business-disrupting cyber event
A study conducted by Ponemon Institute found that 60 percent of organizations globally had suffered two or more business-disrupting cyber events — defined as cyber attacks …
Even with internal focus, most companies utilize external resources for cybersecurity
A greater reliance on metrics to measure success combined with enhancing skills across security teams can help organizations boost their cybersecurity effectiveness, according …
Why security products should be more actionable for users
As an active angel investor in companies that want to bring new security technology into the market, Azi Cohen is most likely to be persuaded to invest by three things: an …
Featured news
Resources
Don't miss
- Southwest Airlines CISO on tackling cyber risks in the aviation industry
- Insider risk management needs a human strategy
- Cerbos: Open-source, scalable authorization solution
- Patch Tuesday: Microsoft fixes 5 actively exploited zero-days
- Zero-day exploited to compromise Fortinet FortiVoice systems (CVE-2025-32756)