Working with the security strategy map
Another way to capture the benefits of a strategy is to have a value map. This maps out how valuable an initiative – in our case, agile security operations – is to an organization, as well as how effective the proposed principles are.
In this section, I will outline a few metrics that organizations can use to map the effectiveness of their strategy onto a set of metrics in terms of financial measures, customer measures, operations, and capabilities. The latter focuses on the effectiveness of security operations and indicates the means of improvement.
Financial metrics
The financial metrics of the security strategy are primarily focused on measurable risk reduction, which was discussed earlier in this chapter. Among the specific financial metrics to measure the quality of a security program, you can consider the following:
- Risk reduction measured in financial terms, such as incidents avoided
- New revenue made...