article thumbnail

Measure Security Performance, Not Policy Compliance

The Falcon's View

I'm convinced the answer to this query lies in stretching the "security as code" notion a step further by focusing on security performance metrics for everything and everyone instead of security policies.

article thumbnail

Implementing and Maintaining Security Program Metrics

NopSec

Implementing information security policies and procedures that are enforced and backed by management are essential to the longevity and success of an effective information security program. Level 2: Quantify Performance Targets.