Forge an Ironclad Reporting Strategy for Security Metrics
Help the board understand what they need to know – no more, no less.
- Board-level presentations are a rare opportunity for Security and the Business to understand each other’s viewpoints and the things they care about, and metrics are a good way of quantifying successes and shortcomings.
- But because both sides think in different terms, reaching this understanding can be easier said than done. In effect, there is a language gap between the Business and Security that can have a detrimental effect on business-security alignment.
Our Advice
Critical Insight
- Out of all the metrics your security program tracks, how do you decide which ones are important enough to share with the board?
- Once you’ve made that decision, how will you explain those metrics in terms that will be meaningful to the board?
- The best way is to aggregate your individual, low-level metrics into larger groups that are easily digestible by the board.
Impact and Result
- Learn to view your individual metrics as component parts in a larger story about your organization’s security posture.
- Decide what message the business needs to hear in order to appreciate the security program’s successes and areas for improvement.
- Strategize ways of using those groups to tell a broader story about risk, allowing you to bridge the language gap between security and business leaders.
Member Testimonials
After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve. See our top member experiences for this blueprint and what our clients have to say.
Client
Experience
Impact
$ Saved
Days Saved
YHA New Zealand
Guided Implementation
10/10
$10,000
10
No worst parts, I enjoyed working with Logan on this project and found his input invaluable.
City of Durham
Guided Implementation
9/10
N/A
N/A
Logan communicated very effectively and made sure the discussion provided value and met my objective.
Sherritt International Corporation
Guided Implementation
10/10
N/A
20
Excellent advise on designing Cyber Security dashboard.
Ontario Pension Board
Guided Implementation
9/10
$20,500
10
Best - discovered other tools that were more appropriate during our discussions Worst - realized that I don't have time to do all the things I'd l... Read More
Shared Services Canada
Guided Implementation
10/10
$1,000
5
About Info-Tech
Info-Tech Research Group is the world’s fastest-growing information technology research and advisory company, proudly serving over 30,000 IT professionals.
We produce unbiased and highly relevant research to help CIOs and IT leaders make strategic, timely, and well-informed decisions. We partner closely with IT teams to provide everything they need, from actionable tools to analyst guidance, ensuring they deliver measurable results for their organizations.
What Is a Blueprint?
A blueprint is designed to be a roadmap, containing a methodology and the tools and templates you need to solve your IT problems.
Each blueprint can be accompanied by a Guided Implementation that provides you access to our world-class analysts to help you get through the project.
Need Extra Help?
Speak With An Analyst
Get the help you need in this 1-phase advisory process. You'll receive 2 touchpoints with our researchers, all included in your membership.
- Call 1: Start with a winning reporting strategy.
- Call 2: Learn to communicate through risk-based terms.
Contributors
- Robert H. Jackson, Global Chief Information Security Officer, Sedgwick
- Peter Singh, Executive Officer - IT Services, Toronto District School Board
- Jeff Tandy, Senior IT Security Specialist, General Dynamics Land Systems Canada
- Kelly Walsh, CIO, College of Westchester
- Kevin Yenglin, Information Security Manager, Rehmann
- Three anonymous contributors
Build Your Security Operations Program From the Ground Up
Develop a Security Operations Strategy
Develop and Deploy Security Policies
Establish an Effective System of Internal IT Controls to Mitigate Risks
Select a Security Outsourcing Partner
Embed Security Into the DevOps Pipeline
Reinforce End-User Security Awareness During Your COVID-19 Response
Cybersecurity Priorities in Times of Pandemic
Build a Security Metrics Program to Drive Maturity
Build a Service-Based Security Resourcing Plan
Secure IT/OT Convergence
Integrate Physical Security and Information Security
Prepare for Post-Quantum Cryptography
Build an Automation Roadmap to Streamline Security Processes