2023-06-10, 16:00–16:45, Track 3 (Moody Rm 102)
This session provides practical advice to establish cybersecurity metrics, KPIs and KRIs. Provides tips to design metrics based on a new process or function. Includes examples attendees can leverage upon returning to work. The session includes 22 metrics and seven resources for many more.
This session provides practical advice to establish cybersecurity metrics, Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs). We begin with an explanation of the differences between them and why each are needed.
Examples of how to design metrics, KPIs and KRIs are provided. Areas of focus include cybersecurity measurements for all organizations, for processes & functions and in alignment with a control framework. The end game is to measure if processes and controls are functioning as designed.
We walk through tips for communicating new metrics and go-to-green updates for metrics in red or yellow status.
The session includes 22 metrics and seven resources for many more. All of this saves time and can assist with enhancing your program.
Gideon Rasmussen is a Cybersecurity Management Consultant with over 20 years of experience in corporate and military organizations. Gideon has designed and led programs including Information Security (as a CISO), PCI - Payment Card Security, Third Party Risk Management, Application Security and Information Risk Management. Has diverse industry experience within banking, insurance, pharmaceuticals, DoD/USAF, state government, advertising and talent management.
Gideon has authored over 30 information security articles. He is a veteran of the United States Air Force, a graduate of the FBI Citizens Academy and a recipient of the Microsoft Most Valuable Professional award. Gideon has also completed the Bataan Memorial Death March (4 occurrences).