ROI and Metrics

ROI and Metrics | News, how-tos, features, reviews, and videos

crime scence police tape

2016: A reflection of the year in cybercrime

A look back at 2016 predictions in cyber crime and how it all actually played out.

executive on ladder drawing financial charts and investments

ProofPoint, Rapid7 and CyberArk lead the field of publicly-traded cybersecurity companies

Q3 2016 financial results are in for publicly-traded cybersecurity firms -- and three names outpaced the rest of the market: ProofPoint, Rapid7, and CyberArk.

analytics network monitoring

SIEMs-as-a-service addresses needs of small, midsize enterprises

Traditional security information and event management systems are expensive, require dedicated security staff, and are difficult to set up and manage -- but managed security service providers are stepping in to make SIEMs practical...

Shall we care about zero-day?

Gartner says that 99% of exploited vulnerabilities are publicly known. Does it mean we can ignore zero-days?

business man holding money bag

Yahoo shows that breach impacts can go far beyond remediation expenses

Several studies have come out recently trying to get a handle on the total costs of a data breach, with a large variation in costs - from less than $1 million on average, to $6 million - based on the data sets and types of included...

Cybersecurity: is it really a question of when, not if?

Can you imagine your banker saying “it’s not a question of if I lose your money, but when will I lose your money”?

muddy waters

Navigating the muddy waters of enterprise infosec

Information security finally has executives’ attention, but aligning with business needs is still challenging.

Wearing multiple hats in IT

Security challenge: Wearing multiple hats in IT

Handling both security and IT duties involves a daily balancing act for the resource-constrained IT organizations that must take this approach. But along with the challenges, there can also be benefits.

grade blackboard cminus

Is security making the grade? What IT and business pros really think

When it comes to security, who’s in charge, where do roles and responsibilities overlap, and what are the biggest challenges to aligning infosec and business goals? A joint CSO, CIO, Computerworld survey sheds some light.

classroom training

Is your security awareness training program working?

The metrics to use to determine where to make improvements in security awareness training


How do you measure success when it comes to stopping Phishing attacks?

What's considered a win when it comes to Phishing? This question was posed to IT workers and non-executive types earlier this month, and everyone had a different opinion on the topic. The general feeling among defenders was that a...


Key questions to mull as you head into infosec budgeting season

Tips for getting the budget past the financial people - from the financial professional's perspective.

keeping score

What’s in a security score?

In May, FICO upped its own scoring game. It acquired cybersecurity firm QuadMetrics to create its own brand of enterprise security scores for enterprises. The new scoring tool, available in August, uses predictive analytics and...

gap stretching

Insurers working to fill cyberinsurance data gaps

Insurers are starting to expand their services to better educate their customers about cyber risk and even help them defend against attacks before they happen and deal with the fallout of when a breach does occur

crowd stadium

Can crowd security testing be cost efficient for web apps?

Can Bug Bounty programs be a cost-efficient complement for security testing of modern web applications?

cash 100s bills

Training helps CISOs stay relevant

Lack of funding, resulting from poor business alignment, is the biggest risk facing any security program. The SABSA security architecture methodology can help solve this problem.

Three ways to align security programs to enterprise strategy

Security teams often struggle with how best to articulate security value in business terms, and with aligning security priorities with enterprise strategy. All security programs depend on business owners for success, so it is...

Scissors cutting money for budget slashing

Where to cut corners when the security budget gets tight

Whenever creating a budget, there is always the rainy day fund in case of unexpected circumstances. But what if those circumstances are bigger than you could have ever imagined? And you don’t have cyberinsurance? Sure you might be up...

committee audit conference

Audit committee cheatsheet for IT and cyber professionals

What exactly do audit committees do and who gets to be on one.

raise money bonus windfall

Cybersecurity spending: more does not necessarily mean better

Cybersecurity is not something you can just buy, but something you should thoroughly build.

Load More
You Might Also Like