8

Designing Security Scorecards

“How’m I doing?”

Former New York City Mayor Edward I. Koch, ca. 1978

Keeping score is a natural human activity. We do it in school, with our sports teams, in our personal lives, and with political candidates. Familiar methods of scoring include report cards and test scores, sports box scores and league standings, stock indices, and opinion polls.

There are lots of reasons for scorekeeping: performance measurement, intellectual curiosity, creeping jealousies, and sometimes simple nosiness. Because I am not a licensed psychologist—merely one with armchair credentials—this chapter focuses only on the business performance aspects of scorekeeping—in particular, on scoring security performance.

Scorekeeping, when expressed ...

Get Security Metrics: Replacing Fear, Uncertainty, and Doubt now with O’Reilly online learning.
