To ensure that security monitoring and reporting are carried out objectively, a dashboard needs to be periodically presented and reviewed. A typical security dashboard should cover key business and financial metrics, as well as metrics pertaining to risk coverage and to vulnerability, patch, incident, and change management.
Financial/business metrics include the following:
Information security budget as % of IT budget
Financial losses (direct and indirect) caused by security breaches
Impact of damage to reputation and trust
Cost of (loss due to) data breaches, exposed user credentials, information leakage, and so on
Impact of business disruptions caused by security incidents
Risk and security coverage includes the following:
Risk assessment coverage (% covered against overall applications and against critical applications)
Security testing coverage (% covered against overall applications and against critical applications)
Vulnerability management includes the...