Despite organisations having managed their information risks and security controls for decades, most still struggle with the related measurements, begging big questions about the nature of that ‘management’. It could be argued that the lack of appropriate metrics is partly, perhaps largely responsible for the ongoing stream of information security incidents, privacy breaches, ransomware attacks and the like, plus the shortages of skilled cybersecurity professionals. The quest for better metrics – and professionals who truly understand this stuff – is becoming ever more urgent as the profession matures and expectations rise.
Light on mathematics, statistics and theory, the course provides a wealth of practical tips and techniques, giving you the tools and the confidence to make real progress on this challenging topic. The course emphasises real-world challenges, situations and applications for the tools and techniques, with exercises to try out new techniques in a safe environment.
This 2-day course moves rapidly through the basics to cover advanced topics likely to be of interest to experienced professionals in senior roles. Although the course directly addresses measurement challenges in information risk and security management, the tools and techniques are more broadly applicable, making the learning equally valuable for other metrics used elsewhere in the business. It covers but extends well beyond the technical/cybersecurity metrics typically used at an operational level, e.g. in network security.
When it comes to metrics, there is no off-the-shelf list of ‘good practice’ metrics you can simply adopt. Numerous example metrics are discussed during the course to illustrate the pros and cons of various measurement, analysis and reporting approaches. They serve to demonstrate and practice the tools and techniques you will use to craft a custom suite of information security measures for your organisation given its unique business situation and goals, information risks, security controls, maturity level and compliance obligations. Rather than supplying an ill-fitting, uncomfortable off-the-peg suit(e) of generic metrics, this course teaches you the tailoring skills you need to shine.
This course is designed for experienced professionals in senior roles, including:
The course is delivered in Live Virtual format. It is not a pre-recorded video course. Participants are encouraged to interact with the trainer and each other, with opportunities to ask questions and discuss genuine business situations, challenges and approaches. Bring real-world security measurement issues to the session and come away with pragmatic solutions.
There are hands-on exercises to practice and learn the techniques as a group.
The course workbook stimulates you to think and make your own notes rather than simply read someone else’s, while the course textbook supports supplementary in-depth study.
Security Metrics (2 days)
10% Discount for AISA members.
You must quote your membership number in the comments section and select the Pay By Invoice option during the online registration process.