ROI and Metrics

Shall we care about zero-day?

Gartner says that 99% of exploited vulnerabilities are publicly known. Does it mean we can ignore zero-days?

Yahoo shows that breach impacts can go far beyond remediation expenses

Several studies have come out recently trying to get a handle on the total costs of a data breach, with a large variation in costs - from less than $1 million on average, to $6 million - based on the data sets and types of included...

Cybersecurity: is it really a question of when, not if?

Can you imagine your banker saying “it’s not a question of if I lose your money, but when will I lose your money”?

Navigating the muddy waters of enterprise infosec

Information security finally has executives’ attention, but aligning with business needs is still challenging.

Security challenge: Wearing multiple hats in IT

Handling both security and IT duties involves a daily balancing act for the resource-constrained IT organizations that must take this approach. But along with the challenges, there can also be benefits.

Is security making the grade? What IT and business pros really think

When it comes to security, who’s in charge, where do roles and responsibilities overlap, and what are the biggest challenges to aligning infosec and business goals? A joint CSO, CIO, Computerworld survey sheds some light.

Is your security awareness training program working?

The metrics to use to determine where to make improvements in security awareness training.


How do you measure success when it comes to stopping Phishing attacks?

What's considered a win when it comes to Phishing? This question was posed to IT workers and non-executive types earlier this month, and everyone had a different opinion on the topic. The general feeling among defenders was that a...


Key questions to mull as you head into infosec budgeting season

Tips for getting the budget past the financial people - from the financial professional's perspective.

What’s in a security score?

In May, FICO upped its own scoring game. It acquired cybersecurity firm QuadMetrics to create its own brand of enterprise security scores for enterprises. The new scoring tool, available in August, uses predictive analytics and...

Insurers working to fill cyberinsurance data gaps

Insurers are starting to expand their services to better educate their customers about cyber risk, and even to help them defend against attacks before they happen and deal with the fallout when a breach does occur.

Can crowd security testing be cost efficient for web apps?

Can Bug Bounty programs be a cost-efficient complement for security testing of modern web applications?

Training helps CISOs stay relevant

Lack of funding, resulting from poor business alignment, is the biggest risk facing any security program. The SABSA security architecture methodology can help solve this problem.

Three ways to align security programs to enterprise strategy

Security teams often struggle with how best to articulate security value in business terms, and with aligning security priorities with enterprise strategy. All security programs depend on business owners for success, so it is...

Where to cut corners when the security budget gets tight

Whenever creating a budget, there is always the rainy day fund in case of unexpected circumstances. But what if those circumstances are bigger than you could have ever imagined? And you don’t have cyberinsurance? Sure you might be up...

Audit committee cheatsheet for IT and cyber professionals

What exactly do audit committees do, and who gets to be on one?

Cybersecurity spending: more does not necessarily mean better

Cybersecurity is not something you can just buy, but something you should thoroughly build.

How long is a piece of string? The challenges and benefits of benchmarking security culture

Measuring security culture is challenging, but increasingly important to information security as we seek to maximize the value of people as well as technology to protect organizations. Asking how a security culture stacks up is like...

Why PCI DSS cannot replace common sense and holistic risk assessment

Cybersecurity compliance is not designed to eliminate data breaches or stop cybercrime.


How an audit can shore up your security strategy

The high-profile data breaches of recent years have forced many organizations to take a closer look at their security technologies and policies, experts say.
