Have an account?

  •   Personalized content
  •   Your products and support

Need an account?

Create an account

Security Metrics

You can't manage what you don't measure

Know what you need to measure and why, understand data, build output, interpret and apply results. Learn how we use a foundational approach to metrics to quantify the security risk and health of the business.

How to measure the real value of information security management

Next-gen unified security metrics

Learn how we have evolved our information security hygiene processes to integrate operational security risk, and to make those measures visible and actionable from the Board on down.

Unified security metrics framework

Learn how USM combines multiple sources of individual data to create high-value, actionable business metrics.

Quantify the value of a security incident

What is the model?

Learn how we capture and quantify losses from security incidents using ALE/ALR business risk management benchmarks to gauge the value of proposed cybersecurity tools and processes.

The 4-step process

Get started with this 4-step process for finding and measuring the right data.

Crack the code

Cisco‚Äôs CISO, Steve Martino, writes about measuring the real value of information security management. 

What are unified security metrics?

Unified Security Metrics (USM) is a common set of high-value actionable business indicators that Cisco uses to quantify the security health of the company. Greater visibility of security indicators provides system vulnerability intelligence.

What can unified security metrics be used for?

  • Preventive or prescriptive remediation
  • Improved security hygiene
  • Risk management and security posture assessment
  • Operational and business decision-making