[Solved]Developing Appropriate Set Information Security Metrics Support Information Security Progr Q37260698

Developing an appropriate set of information security metrics tosupport having an information security program achieve itsobjectives. Effective security metrics need to be appropriate forthe audience asked to consume (use) them. Think about two keyaudiences a CISO needs to interact with: 1) The Chief InformationOfficer (CIO) and 2) The Board Of Directors, specifically a RiskCommittee of the Board, so think big picture/strategic. Would youuse the same set of measures for each group to communicate theeffectiveness of the information security program? If not, why not?List out three specific security metrics you would present to eachof those two audiences and talk about what you hope to accomplishin your presentation to them.Developing an appropriate set ofinformation security metrics to support having an informationsecurity program achieve its objectives. Effective security metricsneed to be appropriate for the audience asked to consume (use)them. Think about two key audiences a CISO needs to interact with:1) The Chief Information Officer (CIO) and 2) The Board OfDirectors, specifically a Risk Committee of the Board, so think bigpicture/strategic. Would you use the same set of measures for eachgroup to communicate the effectiveness of the information securityprogram? If not, why not? List out three specific security metricsyou would present to each of those two audiences and talk aboutwhat you hope to accomplish in your presentation to them.

Expert Answer

---

Answer to Developing an appropriate set of information security metrics to support having an information security program achieve … . . .