A quantifiable measurement used to help organizations evaluate performance.
Metrics provide a standard for measuring the performance of governance programs and controls established to protect an organization’s assets, interests, and resources.
A tool to capture and quantify information about the risks associated with a project or activity, including the potential impact, likelihood of occurrence, mitigation measures, responses, and response triggers.
A risk register increases the chances of successful execution of a project or activity by helping managers identify and evaluate risks, assess their potential impact, and create contingency plans.
Chief Information Security Officer. The most senior individual responsible for protecting an organization’s information assets.
The CISO has overall responsibility for the information security program for an organization. The CISO works closely with executive management and business stakeholders to protect information assets.