Measuring Security Investments

Measuring Security Investments

Assessment

Interactive Video

•

Business

•

University

•

Practice Problem

•

Hard

Created by

Wayground Content

FREE Resource

The video features Mary Faulkner discussing the importance of measuring the effectiveness of security programs. She emphasizes the need for relevant metrics tailored to different audiences and the importance of frameworks like ISO and NIST. Faulkner advises involving various organizational departments in framework decisions and highlights the need for both quantifiable data and subjective observations. The session also covers the importance of moving beyond compliance to fully measure risks and demonstrates how to communicate value to leadership. Audience questions address budget considerations and effective communication strategies.

Read more

10 questions

Show all answers

1.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

What is a common challenge faced by executives and security professionals regarding cybersecurity investments?

Understanding the technical details of security systems

Demonstrating and understanding the return on security investments

Keeping up with the latest technology trends

Hiring qualified cybersecurity personnel

2.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Why is it important to tailor cybersecurity metrics to the audience?

To simplify the reporting process

To comply with legal requirements

To make the metrics more relatable and actionable

To ensure the audience is entertained

3.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

What is a crucial first step when starting a cybersecurity measurement program?

Hiring a consultant

Conducting a company-wide survey

Choosing the right framework

Implementing new technology

4.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Why might subjective observations be important in cybersecurity measurement?

They are required by most frameworks

They are more accurate than quantifiable metrics

They help plan for future scenarios where data is unavailable

They are easier to collect than data

5.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

What is a potential downside of building a cybersecurity program solely for compliance?

It may not cover all necessary security aspects

It requires too much training

It is difficult to implement

It is too expensive

6.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

What is a common rule of thumb for determining a cybersecurity budget?

A percentage of the company's profit

A fixed amount per employee

A percentage of the overall IT budget

A fixed percentage of the company's revenue

7.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

What should organizations focus on when balancing cybersecurity investment and risk?

The company's marketing strategy

The latest technology trends

The company's risk appetite and crown jewels

The number of employees

Create a free account and access millions of resources

Create resources

Host any resource

Get auto-graded reports

Google

Continue with Google

Email

Continue with Email

Classlink

Continue with Classlink

Clever

Continue with Clever

or continue with

Microsoft

Microsoft

Apple

Apple

Others

Others

Already have an account?