In cybersecurity, we live by our metrics. We measure Mean Time to Respond (MTTR), Dwell Time, and Patch Cadence. These ...
The National Defense Authorization Act for Fiscal Year 2017 (2017 NDAA) requires the Department of Homeland Security (DHS) to develop an annual report containing 43 specific metrics to measure the ...
For security professionals, two free risk-management guides out this week provide directions on how to establish corporate security metrics, as well as tips on organizing risk-assessment and ...
One of the most difficult aspects of managing risk in information assurance (IA) is that our statistical information is so poor. We don’t know about security breaches that we have not noticed; we ...
The Center for Internet Security and the Open Group’s security division have each published comprehensive risk-management guides, the first defining a basis for security metrics and the second a ...
Welcome to CISO Corner, Dark Reading's weekly digest of articles tailored specifically to security operations readers and security leaders. Every week, we'll offer articles gleaned from across our ...
The other day, I learned a great lesson about security metrics while getting a haircut. Initially, this may sound like a bit of an odd statement, but I promise it will make sense in the end. The woman ...
The Government Accountability Office (GAO) has released a report indicating that the implementation of the Federal Information Security Modernization Act of 2014 (FISMA) by federal agencies remains ...
I am excited to join the team of security contributors on CSO Online and launch the “Security by Numbers” blog. I’ve been focused on computer and information security for my entire 20-year career and ...
How do we manage what we can’t measure? One of the cornerstones of the scientific method is measurability: a focus on defining the ways of counting or measuring aspects of reality that we hope will be ...