ID.IM-03.188

Does your organization use metrics to track and evaluate cybersecurity performance over time?

Explanation

Cybersecurity metrics provide quantifiable data to assess the effectiveness of security controls, identify trends, and make informed decisions about resource allocation and risk management. Examples include the number of security incidents, mean time to detect/respond, patch management compliance rates, and security training completion percentages.

Evidence could include dashboards or reports showing tracked security metrics over time (with sensitive data redacted), documentation of how metrics are collected and analyzed, or meeting minutes demonstrating how metrics inform security decisions and improvements.

Implementation Example

Use metrics to assess operational cybersecurity performance over time

ID: ID.IM-03.188

Context

Function: ID: IDENTIFY
Category: ID.IM: Improvement
Sub-Category: Improvements are identified from execution of operational processes, procedures, and activities

ResponseHub is the product I wish I had when I was a CTO

Previously I was co-founder and CTO of Progression, a VC-backed HR-tech startup used by some of the biggest names in tech.

As our sales grew, security questionnaires quickly became one of my biggest pain points. They were confusing, hard to delegate and arrived like London buses - 3 at a time!

I'm building ResponseHub so that other teams don't have to go through this. Leave the security questionnaires to us so you can get back to closing deals, shipping product and building your team.

Neil Cameron
Founder, ResponseHub