Source: SANS Blog Author: unknown URL: https://www.sans.org/blog/beyond-meh-trics-examining-how-cti-programs-demonstrate-value-using-metrics/

ONE SENTENCE SUMMARY:

Effective cyber threat intelligence metrics require clear objectives, stakeholder engagement, and careful planning to demonstrate business impact.

MAIN POINTS:

1. CTI metrics should go beyond simple production metrics to show real program impact.
2. Metrics development requires collaborative systems thinking to account for various factors.
3. Establish clear purposes for metrics before their creation to drive business decisions.
4. Weak metrics often stem from undefined objectives and limited understanding of CTI’s value.
5. A taxonomy can assist CTI programs in building appropriate metrics for various purposes.
6. Metrics can be categorized as administrative, performative, or operational based on their functions.
7. Tailoring metrics for specific audiences helps align them with business outcomes and stakeholder needs.
8. Complexity in metrics affects data handling and necessary cross-team collaboration for accuracy.
9. Gradually improving metrics allows CTI teams to adapt and capture more sophisticated data over time.
10. Engaging stakeholders with actionable metrics fosters trust and enhances support for CTI programs.

TAKEAWAYS:

1. Focus on meaningful metrics that reflect the actual impact of CTI programs.
2. Collaborate with stakeholders to understand their needs when developing metrics.
3. Utilize a structured taxonomy to categorize and evaluate metrics effectively.
4. Establish clear objectives for metrics to ensure alignment with business goals.
5. Engage in continuous improvement to refine metrics and maintain relevancy.