Get Started: Creating InfoSec Metrics

Wednesday, August 09 | 12:40PM–1:10PM
Session Type: Virtual

What should I measure, and why? Information security metrics measure a security program’s implementation, effectiveness, and impact. They are tools designed to facilitate decision making and improve performance and accountability. Yet where should a higher education institution start when collecting and analyzing relevant information security performance-related data? How do you detect trends in the data you have? How might information security threat intelligence data be used in your metrics program? This session will introduce participants to internal and external data sources that can be used to create information security metrics and best practices resources to help create information security metrics.

Learning outcomes:

  • Differentiate between internal and external sources of metrics data
  • Learn about different types of information security metrics
  • Discover resources to help you in creating information security metrics


  • Kim Milford

    Executive Director, REN-ISAC, Indiana University

Resources & Downloads

  • Slides

    894 KB, pdf - Updated on 8/10/2017
  • Transcript

    69 KB, doc - Updated on 8/15/2017
  • Recording

    Updated on 7/14/2021