In the News: CRI’s Craig Moss on Cybersecurity Metrics

The Cyber Readiness Institute’s Director of Content and Tool Development, Craig Moss, has recently authored three articles focused on measuring the maturity of cybersecurity programs.

In this article, Moss highlights the top five ways for senior management to establish a common language and understandable metrics for cybersecurity programs. In the article, he emphasizes the importance of discussing cybersecurity in the context of terms commonplace within the boardroom such as risk management. Moss also explains the difference between maturity metrics and performance metrics; and shares that the most critical element in becoming cyber secure is to gain cross-functional buy-in, “Every department needs to be involved in your mission to develop practical policies and procedures that people follow.”

Read herepreview only

Featured in CISO Magazine’s First Anniversary Issue, Moss details the differences between performance and maturity metrics. In the article (available by subscription), he explains the benefits of tracking the maturity of the business processes for effective cybersecurity; and how that compares to classic performance metrics, such as the number of people who clicked on a phishing email.

Read here

In this article for Insurance CIO Outlook, Moss covers the challenges for insurers in understanding the capabilities within companies to manage cyber risks. He also outlines the benefits of having a consistent way to measure the maturity of systems in place within a company and across third parties in the value chain.

Read here

To learn more about the Cyber Readiness Institute contact Henry Vido, Program Director,