Top 2 Measurement Challenges
- Author
- Dr. Bill Souza
- Published
- Thu 25 Aug 2022
- Episode Link
- None
When measuring risk in your organization, you’ll typically discover two challenges: First, top key risk measures that do not have supporting data (aspirational). Second, you’ll be developing middle to low measures with supporting data that do not entirely address the risk.
The lack of data to calculate a particular measure is no reason not to measure the risk; these are your aspirational measures; setting an organizational ambition or goal for your cybersecurity program to report over time is a good strategy; allow your cybersecurity program mature.
To calculate the percentage of assets identified as critical will require two data points, first, the total number of assets, and second, the total number of critical assets; if you don’t have these numbers, you can start by collecting secondary data and establishing secondary measures that will drive towards the aspirational goal of calculating the percentage of assets identified as critical.
========
- Blog: https://www.execcybered.com/blog
- Training: https://www.execcybered.com/iso27001foundationcourse
- Linkedin: https://www.linkedin.com/company/exceccybered/
- Twitter: https://twitter.com/DrBillSouza
- Instagram: https://www.instagram.com/drbillsouza/
Thanks.
Dr. Bill Souza
CEO | Founder
www.execcybered.com
