Measuring Performance and Effectiveness

How do we know if the cybersecurity strategy we've employed is working as planned? How do we know if the CISO and the security team are being effective? This chapter will focus on measuring the effectiveness of cybersecurity strategies.

Throughout this chapter, we'll cover the following topics:

  • Using vulnerability management data
  • Measuring performance and efficacy of cybersecurity strategies
  • Examining an Attack-Centric Cybersecurity Strategy as an example
  • Using intrusion reconstruction results

Let's begin this chapter with a question. Why do CISOs need to measure anything?


There are many reasons why cybersecurity teams need to measure things. Compliance with regulatory standards, industry ...
