Designing Security Scorecards

“How’m I doing?”

Former New York City Mayor Edward I. Koch, ca. 1978

Keeping score is a natural human activity. We do it in school, with our sports teams, in our personal lives, and with political candidates. Familiar methods of scoring include report cards and test scores, sports box scores and league standings, stock indices, and opinion polls.

There are lots of reasons for scorekeeping: performance measurement, intellectual curiosity, creeping jealousies, and sometimes simple nosiness. Because I am not a licensed psychologist—merely one with armchair credentials—this chapter focuses only the business performance aspects of scorekeeping—in particular, on scoring security performance.

Scorekeeping, when expressed ...

Get Security Metrics: Replacing Fear, Uncertainty, and Doubt now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.