Today’s powerful security vulnerability tools provide organizations with the ability to monitor an almost unlimited number of metrics. However, few organizations have the time or resources to give their full attention to all possible metrics. As a result, it’s important to assess which specific security metrics present the business with the most value. Understandably, the answer depends heavily on the audience. What the IT Ops Team Wants Knowing, for instance, that the IT team tasked with applying patches is constantly overworked, it makes sense to focus on the metrics that help them reduce the time necessary to address vulnerabilities. Specifically, while there may be a list of 500 active vulnerabilities, in reality, perhaps just 12 patches can effectively mitigate the majority of the vulnerabilities. As a result, IT is looking to security to go beyond telling it how many vulnerabilities are present and instead to shine a light on the path that addresses the greatest number of vulnerabilities with the least amount of work. What Business Leaders Want If business leaders are the primary audience, it’s important to present an entirely different security metric than the analytics collected for the IT team. Business leaders are most concerned about the overall state of organizational risk, and want information to help them determine what steps are needed to improve the organization’s security posture over time. For business leaders, the concern isn’t with the actual number of vulnerabilities. Instead, business leaders need to know percentages and trends. For instance, what percent of non-patched vulnerabilities are critical, high, or medium grade threats? How is this percentage changing from quarter to quarter? Having this insight allows leadership to effectively address resource requirements, such as reallocating IT staff when needed. Additionally, by monitoring the change in detected vulnerabilities, security teams can adjust their efforts as needed to reduce risk by eliminating the greatest vulnerabilities. Sharing data security trends empowers leadership teams to focus resource deployment on initiatives that best defend the network. Metrics Importance Depends on Your Audience When communicating about security metrics, the real key to success is knowing your audience first, and then addressing their individual needs by giving them security metrics that matter most to them and that present them with actionable insights. Taking this approach values everyone’s time. Read more about security metrics that can help you Manage Business Risk, and learn about Tenable exclusive Assurance Report Cards. Related content brandpost Reporting Matters By Steve Hall Nov 17, 2015 2 mins Security brandpost Fine-tuning Security Metrics to Drive Action By Scott Hollis Nov 16, 2015 2 mins Security brandpost Using Metrics to Improve Your Process By Marcus J. Ranum Nov 13, 2015 3 mins Security brandpost Challenges of Managing Security for Virtual and Cloud Environments By Diane Garey Nov 11, 2015 2 mins Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe