A few good metrics
Metrics have a bad rep. Mention metrics to a CISO and immediately his thoughts may well turn to sigmas, standard deviations and, probably, probability. To many, metrics equals statistics.
There's no denying that proven economic principles canóand shouldóbe applied to information security investments.
[ Read more ]