Barney Fife Metrics: The Bullet That We Have but Don’t Use, and Why

Closed captioning will be available in English and Japanese for all keynotes and RSAC track sessions.
Please note: All times are in SGT.
  1. Moscone West

Despite 20 years of research and practical application, security metrics programs have not matured as expected. The promise of a universal oracle has not been fulfilled and CIOs are still inundated with pointless or deceptive metrics. This session will explore research on why this is, how to overcome the cycle of stagnation and what measurement strategies have proven successful.

Learning Objectives:
1: Dispel incorrect assumptions and learn what makes a successful metrics program.
2: Spawn creative ideas for how to improve metrics, both within an organization and broadly.
3: Understand how and why literature and practical application differ regarding security metrics.

Basic understanding of the development, implementation and use of information security metrics.

Download pdf
  • Jon Boyens


  • Celia Paulsen