Barney Fife Metrics: The Bullet That We Have but Don’t Use, and Why


Posted on in Presentations

Despite 20 years of research and practical application, security metrics programs have not matured as expected. The promise of a universal oracle has not been fulfilled and CIOs are still inundated with pointless or deceptive metrics. This session will explore research on why this is, how to overcome the cycle of stagnation and what measurement strategies have proven successful.

Learning Objectives:
1: Dispel incorrect assumptions and learn what makes a successful metrics program.
2: Spawn creative ideas for how to improve metrics, both within an organization and broadly.
3: Understand how and why literature and practical application differ regarding security metrics.

Pre-Requisites:
Basic understanding of the development, implementation and use of information security metrics.

Participants
Celia Paulsen

Participant

Cybersecurity Researcher, National Institute of Standards and Technology

Jon Boyens

Participant

Manager, Security Engineering & Risk Management Group, National Institute of Standards and Technology

risk management metrics big data analytics behavioral analytics


Subtopic


Share With Your Community