Source: SANS Blog Author: unknown URL: https://www.sans.org/blog/beyond-meh-trics-examining-how-cti-programs-demonstrate-value-using-metrics/
-
ONE SENTENCE SUMMARY: Effective cyber threat intelligence metrics require clear objectives, stakeholder engagement, and careful planning to demonstrate business impact.
-
MAIN POINTS:
-
CTI metrics should go beyond simple production metrics to show real program impact.
-
Metrics development requires collaborative systems thinking to account for various factors.
-
Establish clear purposes for metrics before their creation to drive business decisions.
-
Weak metrics often stem from undefined objectives and limited understanding of CTI’s value.
-
A taxonomy can assist CTI programs in building appropriate metrics for various purposes.
-
Metrics can be categorized as administrative, performative, or operational based on their functions.
-
Tailoring metrics for specific audiences helps align them with business outcomes and stakeholder needs.
-
Complexity in metrics affects data handling and necessary cross-team collaboration for accuracy.
-
Gradually improving metrics allows CTI teams to adapt and capture more sophisticated data over time.
-
Engaging stakeholders with actionable metrics fosters trust and enhances support for CTI programs.
-
TAKEAWAYS:
-
Focus on meaningful metrics that reflect the actual impact of CTI programs.
-
Collaborate with stakeholders to understand their needs when developing metrics.
-
Utilize a structured taxonomy to categorize and evaluate metrics effectively.
-
Establish clear objectives for metrics to ensure alignment with business goals.
-
Engage in continuous improvement to refine metrics and maintain relevancy.