"For a university security practitioner, this is crucial information to convey to the school's board and more importantly, to answer the fundamental question: 'What does this threat mean for our business?'"
Answer the questions being asked.
Your metrics should paint a picture that people outside the security team can understand. Reduce the amount of technical jargon and stat charts on your slides and focus on measuring what matters to your audience. The end result should communicate whether you are more or less secure, and why.
"A lot of times we hear from companies that talking with security teams can be intimidating because not everyone in the room is a technological expert, or at the same level of awareness as the pros. The way to face this challenge is to avoid walking into the room with an eye-chart packed presentation, but to instead focus on only showing the metrics that answer the questions your board is asking. This ties back to knowing your audience and making sure you speak in a common language," Boyer said.
Sign up for MIS Asia eNewsletters.