Security culture remains an elusive amorphous ‘thing’ that we all aspire to improve but don’t really understand why or how. This is not unusual in organisations and institutions who try to understand why the interactions and communication between the people who make the goals of the group happen take on…
Tag: measurement
Asset Management Measurement for Cyber
Some time ago I wrote about using the Goal-Question-Metric (GQM) method for identifying useful and organisationally relevant measurements in order to have a clear view of some aspect of security. Often we think about metrics in terms of engaging security colleagues, executives and the board. However, occasionally in distributed organisations,…
Measuring Security
For nearly a decade I have been regularly coming back to one of the hardest problems in security, measuring it. There are lots of opinions and no shortage of books full of candidate metrics and there are swathes of consultants prepared to give you a spreadsheet of metrics to go measure…