CISOs are tasked with quantifying the success and value of the cybersecurity function. Security leaders and their organizations have used a myriad of metrics over the years. Many executives and board members have complained that those measures failed to provide them with adequate insight or understanding of how well the security department is performing, how it’s improving, and where it’s falling short. Experts say there’s no one metric that can work for all CISOs to demonstrate how well their security efforts are working and whether they’re improving over time.”]
Source: https://www.csoonline.com/article/3530230/6-security-metrics-that-matter-and-4-that-don-t.html