Useful and actionable security metrics continue to be elusive. Program leaders often share what they have rather than what they should. Maybe we have been going about it the wrong way. Maybe, the problem isn’t what you tell your stakeholders, but rather the way you tell them.
. What are the biggest challenges in reporting security metrics?
. Why context is more important than the actual metrics?
. What can leaders do to provide the proper level of context and drive action?