Organizations struggle to demonstrate that their cybersecurity program and controls are consistent, adequate, reasonable and effective (CARE). Security and risk management leaders can use the CARE framework to develop metrics to prove the credibility and defensibility of their cybersecurity program.
Strategic Planning Assumption
Gartner Recommended Reading
Note 1: The Standard of Due Care