More presentation coverage from the Rocky Mountain Information Security Conference (RMISC) event a couple weeks back! Mike Pedrick, CISSP, of Nuspire, gave a very unique and audience collaborative talk about What Gets Measured Gets Done: Crafting Security Program Metrics You AND Your Boss Care About. His unique presentation style of very few slides, lots of case studies and experiences and audience participation was very refreshing and fun! Much like any data analytics or reporting, context around cybersecurity reporting (color, picture, priority) is massively important when communicating with your organization's executive team. Mike recommended treating reporting and metrics like an elevator pitch, they should be short and tell a crystal clear story (don't let the story tell itself). He discussed the 3 most important metrics: 1) KPI - to measure performance 2) KGI - to measure goals 3) KRI - to measure risk He also shared the SMART tactic: S - Specific M - Measurable A - Achievable R - Relevant T - Timely Lastly, Mike reminded us to snooze what's not important or what hasn't changed. We must use data to make decisions if we want our programs to survive, even if we spend multiple hours a day firefighting. Because in the end, you can never eliminate risk. Thank you to Mike Pedrick, CISSP of Nuspire! #datamanagement #businessintelligence #dataanalytics #datasecurity #datagovernance #datastrategy #datainitiatives #datawarehouse #cybersecurity
