In cybersecurity, even one lapse or mistake could result in huge consequences, so even a team that successfully rejects 99.9% of attacks can look like a failure, according to an article in TechTarget. To ensure your cybersecurity team is being fairly evaluated, and not just lauded or buried on individual events, it’s important to establish a set of criteria that consider organizational goals. For many, the following criteria will help establish a framework for evaluation:
- Through effectiveness, by considering how well individual or grouped security measures do at achieving their goals
- Through maturity, by examining the reliability and repeatability of the security measures and processes
- Through efficiency, by examining the costs and resources a process or procedure requires, compared against the quality of the results
- Through alignment, by considering how well the specific process or result matches the skills or culture held by the organization

By building criteria that consider all aspects encompassed by a cybersecurity organization, companies can better understand the advantages and disadvantages of their approaches, with the intent of improving them.
Source:
https://www.techtarget.com/searchsecurity/feature/4-criteria-to-measure-cybersecurity-goal-success