A few good metrics
Metrics have a bad rep. Mention metrics to a CISO and immediately his thoughts may well turn to sigmas, standard deviations and, probably, probability. To many, metrics equals statistics.
There's no denying that proven economic principles can—and should—be applied to information security investments.
[ Read more ]