Measuring What Matters: Security Metrics Workshop

Heinz College

Disclaimer

Coursalytics is an independent platform to find, compare, and book executive courses. Coursalytics is not endorsed by, sponsored by, or otherwise affiliated with any business school or university.

Full disclaimer.

Who should attend

Directors and managers of:

  • operational risk management
  • information technology (IT)
  • cybersecurity/information security
  • IT and cybersecurity compliance
  • IT and cybersecurity audit

Security professionals who support the above roles (security engineers, security architects, network engineers, security risk analysts, etc.)

About the course

It is critical to measure the right things in order to make informed management decisions, take the appropriate actions, and change behaviors. But how do managers figure out what those right things are? Public and private organizations today often base cyber risk management decisions on fear, uncertainty, and doubt (FUD) and the latest attack; compliance mandates such as HIPAA, FISMA, SOX, and PCI; and security risk frameworks that typically have little to do with the way the rest of the organization measures risk and prioritizes operational risk management activities. CFOs, enterprise risk management officers, internal audit directors, and CISOs need information risk management approaches that align with business objectives. A measurement approach tied to strategic business objectives will ensure that planning, budgeting, and the allocation of operational resources are focused on what matters most to the organization. In addition, a shift to such an approach will help identify metrics that are expensive to collect and may not be worth the investment. Students in this course will use real-world strategic objectives to develop specific business goals and the applicable questions, indicators, and actionable metrics that they can implement at their own organizations to improve their ability to manage operational risks, particularly cybersecurity risks.

Objectives

This course will help participants to

  • Learn how to refine a student-provided strategic or business objective that meets the S.M.A.R.T.E.R. criteria (Specific, Measurable, Achievable, Relevant, Time-bound, Evaluated, Reviewed) and can be used to initiate the Goal-Question-Indicator-Metric (GQIM) process.
  • Identify a core set of business goals, based on the student's business objective, to which the cybersecurity risk measurement program will be applied.
  • Formulate one or more key questions for each goal in learning objective 2. The answers to these questions help determine the extent to which the goal is being achieved.
  • Identify one or more indicators for each key question. An indicator is data and information that further inform the answer to each question.
  • Identify one or more metrics for each indicator that most directly inform the answer to one or more questions.

Topics

  • Developing S.M.A.R.T.E.R. Business Objectives
  • GQIM Overview
  • Objectives to Goals
  • Goals to Questions
  • Questions to Indicators
  • Indicators to Metrics
  • The Big Picture - Putting It All in Context

Materials

Participants will receive a downloadable copy of the course materials.

This course has no confirmed dates in the future.