If you can’t track the time it takes to remediate business critical vulnerabilities, audit configurations, identify gaps, track trends, and communicate effectively with your organization’s senior management team, you can’t drive action.
Tenable helps you gather the key security metrics you need to improve the measurement of your cyber security program. With Tenable, identify gaps and blindspots. Ensure the senior management team in your organization understands your cybersecurity program. Clearly show how your security program aligns with the business goals of your company.
Learn how Specific, Measurable, Actionable, Relevant and Timely (SMART) security metrics can help you better communicate security program effectiveness to executives and the board.
by Marcus J. Ranum on December 16, 2015
In this video blog, Marcus discusses several ideas for presenting relevant security metrics to your management.
by Marcus J. Ranum on December 14, 2015
Marcus offers advice on starting a metrics program in this video blog.
by Marcus J. Ranum on December 11, 2015
In this video blog, you’ll learn the most important security metrics to track.
by Marcus J. Ranum on December 9, 2015
In this video blog, Marcus discusses problems and opportunities inherent to security metrics.
by Marcus J. Ranum on December 2, 2015
In this informative video blog, Marcus defines "metric," relates security metrics to an organization's larger business goals, and discusses how data supports information security stories.
by William Wade on December 1, 2015
Make metrics meaningful by creating metrics and reports based on what is important to your organization.
by Scott Hollis on October 22, 2015
It’s important to assess which specific security metrics present the business with the most value.
by Craig Shumard on October 22, 2015
Real-time or near-real time situational awareness ensures that you always know your security posture.
By Marcus J. Ranum on October 2nd, 2015
Metrics can make security relevant to the business.
By Scott Hollis on September 9th, 2015
Total vulnerabilities can be a misleading security metric; instead, start with average patch rate and scan coverage as your core metrics to best ensure security effectiveness and to minimize attack surfaces.
By David Spark on August 10th, 2015
I like to see metrics about people, processes, and technology.
By Scott Hollis on September 18th, 2015
Rapid response to questions requires near real-time security posture data.
By Marcus J. Ranum on November 14th, 2014
Figuring out what “normal” means is one of computer security's great challenges.
By Marcus J. Ranum on September 19th, 2014
Keep your metrics relevant to the problem at hand by reasoning toward the problem, as your goal.
By Marcus J. Ranum on July 1st, 2014
Bottom up or top down? For best results, try a bit of both.
By Marcus J. Ranum on May 14th, 2014
Metrics are produced, not collected.
By Marcus J. Ranum on April 2nd, 2014
The order in which you present your metrics should support and reinforce them.
By Marcus J. Ranum on March 13th, 2014
A metric is some data and an algorithm for reducing and presenting it to tell a story.
By Marcus J. Ranum on February 26th, 2014
Security metrics are data points that provide analytical insights into an enterprise security posture.
