Cybersecurity metrics (part 1): The good, the bad, and the ugly | SASIG
Forgotten your password?

Tuesday 11 May 2021, 11am-12noon (BST)

This is the first of a two-part series about cybersecurity metrics by Secrutiny and SentinelOne. Watch Part 2: The value of strategic intelligence here.

As the famous quote goes, ‘not everything that matters can be measured’, and not everything that can be measured, should be. But what does this even mean? It’s simple; it’s about evaluating what makes a good metric and what makes a bad one.

Metrics are vital in validating successes, including the effectiveness of security controls, diagnosing problems, identifying security gaps, and improving internal performance, awareness and engagement. By understanding your organisation’s most important cybersecurity metrics, you can reduce the likelihood and impact of a cybersecurity incident.

In part one of this series, we delve into:

  • The purpose of good metrics.
  • Golden rules of measuring what matters.
  • Examples of good and bad metrics.
  • The best methods of presenting findings to the board.
  • Why we are more like Formula One race drivers than you think.


Presented by

Phil Davies (info), Principal Consultant and Lead Architect, Secrutiny


Log in to watch the webinar on demand

Log in here
This website uses cookies, by continuing to use the site you agree to using cookies. Continue