Using Security Metrics to Determine Security Program Effectiveness

Abstract

Security objectives serve as the foundation for security metrics, which are used to guide decisions on how to increase the security of all parts engaged in providing services and processing data. Numerous data breaches are re-vealed each week, some of which may have affected tens or even hundreds of millions of people. Customers and regulators are both becoming more concerned about firms' information security procedures and their plans for preventing security breaches and protecting sensitive data. As a result, sever-al laws and regulations have been enacted to enhance cybersecurity risk management and to protect personal information that may be held or trans-mitted among businesses. The majority of these industry-specific and general data protection laws are complex, requiring ongoing oversight to maintain compliance throughout your business and the companies of your vendors. To gauge the effectiveness of and involvement in the usage of security con-trols, it is crucial to define a set of security metrics. A carefully defined set of metrics will help direct future security decisions and strengthen your or-ganization's security posture. In our study, we proposed to review security metrics to determine security program effectiveness for a company which is fictional for the scope of study. Firstly, we defined security metrics and their key indicators successfully. We discussed different scenarios for Trivest Technologies Limited company, which is fictional, we just used it for our scope of study. We successfully discussed, developed, and used KPIs, KRIs and KGIs; which are security metrics for the Trivest Technologies Limited company, and we found out that these security metrics help us determine the security program effectiveness for a company successfully. By implementation of its successful results, it also aligns with one of the United Nations Sustainable Development Goals i.e., 8th: Decent work and Economic Growth.