Organizations often find it difficult to determine the security and business value directly related to identity and access management (IAM) investments. Security and risk management (SRM) leaders responsible for IAM can use outcome-driven metrics to guide IAM investments, deliver business value and achieve a stronger security posture.
SRM leaders who are responsible for IAM should follow a three-step approach to make sure their metrics will deliver security and business outcomes:
- Use outcome-driven metrics (ODMs) to measure IAM protection levels.
- Align ODMs to business strategies.
- Incorporate ODMs into IAM programs for visibility and to guide IAM investment.
