What metrics do you need? How do I measure these?
These are questions that Dean Dorton’s Cybersecurity Scorecard Assessment provides the answers for.
We have developed a grading system that measures the accumulated risk based upon identified security issues or ineffective controls. These risk ratings are combined to provide both domain-level and overall organizational risk.
To further communicate what these means, we tie the risk levels back to a threat actor scale (courtesy of the Verizon Data Breach Report) to help you understand the types of threat actors your current posture protects against, and who you are still vulnerable to.