Basically i would like to know how well are my security investments working together.
Can anyone suggest enterprise cyber security effectiveness measurement techniques for security metrics?
I'm not looking for KRI, KPI stuff.
Can we consider OM in this context?
May be, i'm perplexing.....Please share your thoughts or references.
have you looked into CIS CyberSecurity Controls (CSC)?? Here is their page: https://www.cisecurity.org/controls/
They have measures and metrics for each technical control they suggest: https://www.cisecurity.org/white-papers/cis-controls-v7-measures-metrics/
That's very helpful for me, hope it works for you.
Jose Ramirez, CISSP
Thank you. Will check