Security Metrics are Executive Priority

Intellitactics announced the results of a recent survey of top information security and IT decision makers regarding the use of business-driven metrics for measuring security effectiveness and value.

The findings confirm the view that security has matured as a management discipline. Security professionals now realize that in order to advance their strategy, they need to measure value and communicate it clearly to other executives and stakeholders across the business.

Results of the survey show that 89.5% of the organizations surveyed use metrics to describe the current security posture. 46%, use metrics to measure security value, with 42.5% planning to take action within the year. About 60% of those already taking steps to measure security performance do so to justify spending; and almost 80% reported that demonstrating IT security effectiveness to other functional managers helps IT to justify action and budgets.

“Investment in security, driven by compliance initiatives and the desire to protect customers, patients, and the companies themselves from unnecessary risk, continues to increase. All managers are asking the question ‘How secure are we, really?’,” explains Pamela Casale, Chief Marketing Officer for Intellitactics.

Key survey findings emphasize that the ability to measure value requires a centralized reporting capability, presentation of information in context, and automated processes for dynamically generating the metrics.

“If you manage security as part of an integrated business process, you will be able to quantify improvements in security and demonstrate results over time,” says Casale. “Demonstrating improvement, however, can be difficult if the metrics are not communicated effectively to recipients. Businesses executives need an easy-to-understand communication vehicle populated with practical metrics in order to create a picture of enterprise security – this means an executive dashboard.”

More information at

This blog is run by the authors of FindProtected.
FindProtected is an effective security program that allows you to search your network for password protected files. With FindProtected, you can properly identify protected files containing sensitive data on your network and relocate them if necessary.

Leave a Reply