As you look to improve in any endeavor, it helps to have a view of where you are and a vision for where you need to go. This improvement will need to be continuous and will need to be measured. The requirement of being “continuous and measurable” was stated as one of the main outcomes of this how-to book. Continuous measurements that have a goal in mind are called “metrics.” To that end, this chapter provides an operational security-metrics maturity model. Different from other analytics-related maturity models (yes, there are many), ours starts and ends with predictive analytics.
This chapter will begin to introduce some issues at a management and operations level. Richard Seiersen, the coauthor who is familiar with these issues, will use this chapter and the next to talk to his peers using language and concepts that they should be familiar with. Richard will only selectively introduce more technical issues to illustrate practical actions. To that end, we will cover the following topics: