
Benchmarking as a Sentinel

We usually think about benchmarks in terms of their ability to size up the competition, or to teach us where we can generate bigger ROIs. Katherine Brocklehurst, however, talks about the power of benchmarking in protecting the organization from outside threats. It just might be the shield that protects you from the dragon’s fire.

A Calculated Defense

Benchmarking, whether done manually or with an analytics tool, can allow organizations to track and compare security performance. It can demonstrate to the C-suite both whether security performance has improved from year to year and whether that performance is up to snuff with security across analogous organizations. The challenge comes in convincing organizations to share their metrics:

It’s common knowledge that organizations need multiple layers of technology, processes and practices to improve safety and/or minimize developing security issues. There are a few industry standards, like the Consensus Information Security Metrics (CIS), that offer their own performance goals, but few groups share metrics (and details for how to improve them) with others. We need metrics that rapidly evolve with the new as well as past threats organizations face.

The Best Metrics

Brocklehurst offers several ideas on what makes for the best metrics. They need to be factual and objective, measured consistently, and issued on normal business intervals. Data should be numeric and represent relationships like ratios and percentages. It also needs to be normalized rationally across multiple controls and technologies, with Brocklehurst bringing up examples like “three flavors of anti-virus, each with different scan cycles, unique whitelists, and updated on distinctive schedules.” The overall idea is for the numbers to tell a story, and probably a big story at that, as your place and the places of others start to fit together in the industry. You can read the full article here: http://www.tripwire.com/state-of-security/featured/key-characteristics-of-good-metrics-comparing-your-security-organization/

About John Friscia

John Friscia is the Editor of Computer Aid's Accelerating IT Success. He began working for Computer Aid, Inc. in 2013 and continues to provide graphic design support for AITS. He graduated summa cum laude from Shippensburg University with a B.A. in English.
