Executive Director, REN-ISAC, Indiana University
What should I measure, and why? Information security metrics measure a security program’s implementation, effectiveness, and impact. They are tools designed to facilitate decision making and improve performance and accountability. Yet where should a higher education institution start when collecting and analyzing relevant information security performance-related data? How do you detect trends in the data you have? How might information security threat intelligence data be used in your metrics program? This session will introduce participants to internal and external data sources that can be used to create information security metrics and best practices resources to help create information security metrics.