Organizations often report ineffective operational and technical metrics for vulnerability management. View a Gartner® report about why security and risk management leaders should report metrics aligned with risk and business objectives (outcome-driven metrics) to improve their vulnerability management program. It includes:
Here are some examples of recommendations from the report:
Design vulnerability management metrics to cater to the needs of organizational stakeholders outside of security by including business-specific risk and performance indicators.
Align metrics to include threat, asset, and business context, which, in turn, can help improve remediation/mitigation efforts and provide measurable business value.
View the report to learn more.
Gartner, Tracking the Right Vulnerability Management Metrics, Mitchell Schneider, Craig Lawson, 30 September 2022. GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally, and is used herein with permission. All rights reserved.