RETIRED CONTENTPlease note that the content on this page is retired. This content is not maintained and may contain information or links that are out of date.
An appropriate security metrics program help you to be in strategic alignment with business objectives and to control security risks in a more cost-effective fashion. This tool is designed to help you identify and build up a right-sized security metrics program for your organization.
This tool will help you:
- Identify which security functions your organization is going to measure
- Examine and determine which business objectives each security function can contribute to
- Outline the ways that security can contribute by creating security objectives
- Identify current maturity level and set up the target maturity level
- Outline the metrics selected to measure the security function toward your security objectives
- Give concise description to your metrics
- Identify the metrics type and identify the metrics view type
- Identify the appropriate audience for the metrics
- Select an appropriate reporting frequency
- Define who is going to responsible for the metrics
- Indicate the source(s) of information for each metric
If not measured, either your SOF is not effective at all, or your SOF has unknown effectiveness.