Finding the Right Metrics to Rate Your Security

We trust measurements to let us know where we stand on so many crucial subjects. Security should fall under that same umbrella. In an article for VentureBeat, Ashok Sankar discusses the challenges of selecting the proper metrics to measure security effectiveness.

Safe Choices

On paper, it might make sense to go with the number of breaches in a year as a starting metric. But if there are 30 breaches in one year, followed by 25 breaches the next year, the second year is not a better year if one of those 25 breaches nabbed valuable intellectual property. As Sankar says, “It’s like adding up the number of broken windows in a bank with a wide-open vault.” Three metrics that come recommended instead are average time to respond, time to repair, and dwell time.

Those first two sound pretty intuitive, but dwell time is especially insidious. Sankar likens it to walking around a retail store. If you visit the store, you may retain a few details about where things are located, but if you spend a week or months there, you will know the layout much better. Likewise, the greater the dwell time, the greater the danger the intruder now represents. Sankar continues:

According to the 2015 threat report from Mandiant, attackers spent a median of 205 days inside a company’s network before being discovered. That’s nearly 30 weeks combing through your information for vulnerabilities, identifying critical information, mapping your network, and determining any anomalies or adverse actions. Imagine the damage an attacker could inflict given that amount of undetected time.

When incorporating dwell time into a larger security plan, IT should be given an appropriate budget to find the right tools for detecting intrusions, analyzing intruder actions, and kicking out those criminal jerks. Once this is accomplished, you will have real, useful numbers to inform your security efforts. You can read the original article here: http://venturebeat.com/2015/05/25/finding-the-right-metrics-to-rate-your-security/
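
To make the contrast between breach count and the three time-based metrics concrete, here is an added example (not from Sankar's article or from this site) that computes all of them per year from incident records. The records are constructed, and the metric definitions (dwell = compromise to detection, respond = detection to first response, repair = detection to fix) are assumptions, since the article does not define them.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, median

# Constructed sample incidents (not real data), one tuple per incident:
# (compromised, detected, responded, repaired). None = stage not reached yet.
INCIDENTS = [
    ("2014-02-01", "2014-02-03", "2014-02-04", "2014-02-06"),
    ("2014-05-10", "2014-05-14", "2014-05-15", "2014-05-18"),
    ("2014-08-01", "2014-08-07", "2014-08-09", "2014-08-12"),
    ("2014-11-01", "2014-11-09", "2014-11-11", "2014-11-13"),
    ("2015-01-05", "2015-01-08", "2015-01-09", "2015-01-11"),
    ("2014-09-01", "2015-03-25", "2015-03-28", None),  # long dwell, still open
    ("2015-06-01", "2015-06-11", "2015-06-12", "2015-06-16"),
]

def days_between(start, end):
    """Whole days from start to end, or None when either stage is missing."""
    if start is None or end is None:
        return None
    return (datetime.fromisoformat(end) - datetime.fromisoformat(start)).days

def yearly_metrics(incidents):
    """Per detection year: breach count next to the three time-based metrics."""
    by_year = defaultdict(list)
    for inc in incidents:
        by_year[inc[1][:4]].append(inc)  # an incident counts in the year it was found
    report = {}
    for year, rows in sorted(by_year.items()):
        # Assumption: every recorded incident has compromise and detection dates.
        dwell = [days_between(c, d) for c, d, _, _ in rows]
        respond = [x for x in (days_between(d, r) for _, d, r, _ in rows) if x is not None]
        repair = [x for x in (days_between(d, f) for _, d, _, f in rows) if x is not None]
        report[year] = {
            "breaches": len(rows),
            "median_dwell_days": median(dwell),
            "max_dwell_days": max(dwell),
            "mean_respond_days": round(mean(respond), 1) if respond else None,
            "mean_repair_days": round(mean(repair), 1) if repair else None,
            "unrepaired": sum(1 for row in rows if row[3] is None),
        }
    return report

if __name__ == "__main__":
    for year, metrics in yearly_metrics(INCIDENTS).items():
        print(year, metrics)
```

In this constructed data the breach count falls from 4 to 3 while median and maximum dwell time both rise and one incident remains unrepaired, which is the situation a raw breach count hides.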

About John Friscia

John Friscia is the Editor of Computer Aid's Accelerating IT Success. He began working for Computer Aid, Inc. in 2013 and continues to provide graphic design support for AITS. He graduated summa cum laude from Shippensburg University with a B.A. in English.
