1 Introducing cybersecurity metrics

 

This chapter covers

  • Metric types and their practical applications
  • Common frameworks for cybersecurity programs
  • The significance of metrics in modern cybersecurity
  • The changing landscape of cyber threats

In 2006, British mathematician Clive Humby famously said, “Data is the new oil.” While this sentiment captures the transformative power of data, it is important to recognize a key distinction: oil is finite, while data is seemingly boundless, especially as AI begins to generate its own data. In today’s digital landscape, data has become an ever-growing resource that powers business strategies, product development, and organizational success. However, like crude oil, raw data requires refinement—analysis, context, and interpretation—to become valuable.

This is particularly true in cybersecurity, where metrics act as the refining process that transforms raw data into actionable insights. Metrics help organizations interpret and monitor risks, enable them to measure performance, and ensure their security posture is aligned with overarching business goals. Critical vulnerabilities can remain hidden without proper metrics, leaving organizations exposed to risks.

1.1 Understanding metrics

1.2 Significance of metrics in cybersecurity

1.3 Traditional vs. innovative metrics

1.4 The changing landscape of cybersecurity

1.5 The importance of frameworks in cybersecurity

1.5.1 HITRUST framework

1.5.2 Center for Internet Security CIS Top 18 framework

1.5.3 NIST Cybersecurity Framework v2.0

1.6 AI and predictive cybersecurity metrics

1.7 Defending against AI

Summary