Just over a year ago I put out this blog post on the 10 fundamental (but really hard) security metrics. Since then I’ve discussed this with a lot of people and have been thinking more about this in the context of how Boards can oversee risk. For Boards, in particular, it’s clear that they need to drive behaviors by tracking leading indicators as opposed to reacting negatively when current lagging indicators don’t meet their expectations. Despite 10 metrics not seeming a lot I’m becomi...
