Sign up to save your podcasts
Or
Share Top 2 Measurement Challenges
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Top 2 Measurement Challenges
Send us a text
When measuring risk in your organization, you’ll typically discover two challenges: First, top key risk measures that do not have supporting data (aspirational). Second, you’ll be developing middle to low measures with supporting data that do not entirely address the risk.
The lack of data to calculate a particular measure is no reason not to measure the risk; these are your aspirational measures; setting an organizational ambition or goal for your cybersecurity program to report over time is a good strategy; allow your cybersecurity program mature.
To calculate the percentage of assets identified as critical will require two data points, first, the total number of assets, and second, the total number of critical assets; if you don’t have these numbers, you can start by collecting secondary data and establishing secondary measures that will drive towards the aspirational goal of calculating the percentage of assets identified as critical.
========
- Blog: https://www.execcybered.com/blog
- Training: https://www.execcybered.com/iso27001foundationcourse
- Linkedin: https://www.linkedin.com/company/exceccybered/
- Twitter: https://twitter.com/DrBillSouza
- Instagram: https://www.instagram.com/drbillsouza/
Thanks.
Dr. Bill Souza
CEO | Founder
www.execcybered.com
View all episodes
By Dr. Bill Souza
5
11 ratings
Send us a text
When measuring risk in your organization, you’ll typically discover two challenges: First, top key risk measures that do not have supporting data (aspirational). Second, you’ll be developing middle to low measures with supporting data that do not entirely address the risk.
The lack of data to calculate a particular measure is no reason not to measure the risk; these are your aspirational measures; setting an organizational ambition or goal for your cybersecurity program to report over time is a good strategy; allow your cybersecurity program mature.
To calculate the percentage of assets identified as critical will require two data points, first, the total number of assets, and second, the total number of critical assets; if you don’t have these numbers, you can start by collecting secondary data and establishing secondary measures that will drive towards the aspirational goal of calculating the percentage of assets identified as critical.
========
- Blog: https://www.execcybered.com/blog
- Training: https://www.execcybered.com/iso27001foundationcourse
- Linkedin: https://www.linkedin.com/company/exceccybered/
- Twitter: https://twitter.com/DrBillSouza
- Instagram: https://www.instagram.com/drbillsouza/
Thanks.
Dr. Bill Souza
CEO | Founder
www.execcybered.com