In time, we would like to provide additional information in support of those using the book and the PRAGMATIC method, starting with the spreadsheet of example metrics discussed in Chapter 7 and in the blog: click the image below to download the Excel spreadsheet.
Feel free to re-score the example metrics in your own organizational and business context. Change the metrics as much as you like, and add your own candidate or pet metrics. Re-sort the list by any column - for example to identify the most Meaningful or most Predictive examples, or sort them according to the sections of ISO/IEC 27002. Filter out just the strategic or management metrics. Knock yourself out!
What should an Information Security Metrics Toolkit consist of?
Aside from the spreadsheet, the book, the metrics FAQ and other information on this site, the blog, and the Linkedin discussion forum, what else would help you? What tools, documents, presentations etc. would you find most useful to help design, develop, implement and maintain your information security metrics?
If you think of something you want, or if you are willing to share something that you have developed, please do get in touch, either by email or through the Linkedin forum.