Abstract: The constantly increasing number of security incidents and threats warrants organizational security governance (OSG) practices rooted in data that allow quick and reliable decision-making to adapt to the changing landscape of security management. Measurement, reporting, and monitoring of security controls across organizations provide a data-driven governance approach that enables leaders to scale security tools and measures aligned to organizational business objectives. This research identifies standard practices under measurement, reporting, and monitoring and provides insight into how these domains come together to enhance overall OSG practices. Interviews are conducted with security professionals in multiple organizations. Qualitative analysis of the data suggests underlying themes for each domain. Results indicate that the three domains under study form the basis of data governance and play a key role in aligning the OSG objectives with security controls. Implications for research and practice are drawn, and future research directions are suggested.
Recommended Citation: Slonka, K., Mishra, S., Draus, P., Bromall, N. (2023). Measurement, reporting, and monitoring in organizational security governance from the security professional’s perspective. Cybersecurity Pedagogy and Practice Journal, 2(1), pp. 38-49. http://CPPJ.org/2023-1/ ISSN: Forthcoming. A preliminary version appears in The Proceedings of CONISAR 2022.