ABSTRACT
The sine qua non of metrics would be those that are reliably predictive-leading indicators of security failure or compromise. Today, all that can be said with any certainty is that organizations with substandard security will statistically suffer greater losses. A recent study by Aberdeen demonstrates statistically predictive consequences of good, or deficient, security.
