With the targeted focus on integrating security into operational readiness stances in some enterprises these days, I was curious if there was guidance out there on the security metrics that some consulting firms and internal security teams are working to establish.
Given the choice of list, obviously my focus at present is Microsoft-stack-centric enterprise environments here. I was also thinking about reporting from two tier perspectives: the CIO and the Security functional leadership team that owns the necessary engineering/administration disciplines which implement, monitor, and respond to security events and practices. -W Wayne S. Anderson http://www.linkedin.com/in/wayneanderson
