Tuesday, April 13 | 11:45AM–12:45PM | International F (6th floor)
In the face of regular, high-profile news reports of serious security breaches, as well as intense scrutiny of institutional costs, security managers are more than ever being held accountable for demonstrating effectiveness of their security programs. What means should managers be using to meet this challenge? Key among these should be security metrics. This presentation will provide a definition of security metrics, explain their value, discuss the difficulties in generating them, suggest a methodology for building a security metrics program, and review factors that affect its ongoing success. Numerous examples of security metrics will also be covered.
AVP for Information Security, Policy & Records (Retired), University of Virginia