Limited Time Offer: Save up to 20% on a new CIS SecureSuite Membership | Learn more
Why CIS Solutions Join CIS Resources
CIS WorkBench Sign-in CIS WorkBench Sign In CIS Hardened Images CIS Hardened Images Support CIS Support


Who We Are

CIS is an independent, nonprofit organization with a mission to create confidence in the connected world

About Us Leadership Principles Testimonials


secure your organization
Secure Your Organization

secure specific platforms
Secure Specific Platforms

cis securesuite CIS SecureSuite® Learn More      Apply Now  
u s state local tribal and territorial governments
U.S. State, Local, Tribal & Territorial Governments

View All Products & Services  

Join CIS

Get Involved

Join CIS as a member, partner, or volunteer - or explore our career opportunities

CIS SecureSuite® Membership Multi-State ISAC (MS-ISAC®) Elections Infrastructure ISAC (EI-ISAC®) CIS CyberMarket® Vendors CIS Communities Careers




filter by topic
Filter by Topic

View All Resources  
CIS Logo Show Search Expand Menu

Overcoming security metrics challenges to measure what matters

August 5, 2021

Security Magazine

As legendary management guru Peter Drucker said, “You can’t manage what you can’t measure.” For some business functions, such as sales and human resources, standard metrics clearly illustrate whether or not departments are on track to meet business objectives. Unfortunately, it’s not as clear-cut for security programs.

While many organizations may realize they can’t entirely eliminate cyber risk, they still need to quantify their security efforts and set thresholds to show whether they’re trending positively or introducing more risk. The right metrics help to shed light on a company’s current security posture and, more importantly, where it might have gaps, shortcomings, or areas to prioritize for future improvement.