Cleaned up Literature folder

Corpus/Literature/Jaquith - Security Metrics/Security Metrics that Count – for Twilio.md

@@ -0,0 +1,19 @@
+# Security Metrics that Count
+
+Harini Rangarajan of Twilio (a customer engagement platform) has published a [blogpost](https://www.twilio.com/blog/security-metrics-count) on 30-11-2021 called 'Security Metrics that Count'.
+
+They found (by using metrics!) that different audience groups within Twilio were interested in different kinds of security metrics:
+- Executive-level leadership wanted to understand the security posture across the organization
+- VPs wanted to understand the security posture of their specific business units
+- Product managers wanted to understand the security posture of their products
+- Engineering managers wanted to understand how many open vulnerabilities were present and which ones their teams should prioritize fixing.
+
+They distinguish metrics that capture the 'health' of the organization (security wise) and metrics that capture the maturity of the security program. These metrics are shown in a table in the blogpost.
+
+To establish the current security posture of their products, they added extra fields to their (development) ticket managing system Jira for Vulnerability Category, Vulnerability Source and Business Unit.
+They then used this data to generate dashboards for different audiences.
+
+Related:
+- [[MyVault/👩🏼‍⚖️ Standards and Regulations/ISO 27001 2013/ISO 27001 C 9 Performance evaluation#9 1 Monitoring measurement analysis and evaluation]]
+- [ISO 27001 A 12.4 Logging and monitoring](../../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A%2012.4%20Logging%20and%20monitoring.md)
+