CISOs have multiple ways of quantifying the work they do, from counting the number of threats thwarted to the number of patches performed. Some of those metrics speak to the volume of work being performed, while others – such as mean time to detect and mean time to respond – offer insights into the effectiveness of the department’s people, processes and technology.
Although important, some security experts say they turn to other indicators to determine the overall strength of their cybersecurity department. They go beyond any single snapshot of how the security team is performing in a particular area and speak instead to overall performance within the enterprise.
Here, CISOs and security advisers share what they consider signs of a great cybersecurity program.