Access "Marcus Ranum chat: The information security metrics dilemma"
This article is part of the September 2012 issue of Setting up for BYOD success with enterprise mobile management and mobile application security
Security expert and Information Security magazine columnist goes one-on-one with Alex Hutton, director of operations and technology risk for a Fortune 250 financial institution and formerly with the Verizon Business RISK Team. Marcus: I find that 99 percent of the people who want to talk about metrics seem to be looking for metrics as a way of understanding what's going on around them, when it seems to me that information security metrics are a way of tracking something that you already understand. What's your experience with that? Do you get people coming to you for some catch-all metric? Why is this problem so hard? Alex: My experience is that most metric programs suck. The reason I find that most people are disappointed in their metric programs is, as you say, most of us are measuring what we already understand. What unsuccessful programs seem to be missing is a useful model to provide context. Think of it this way, the purpose of the analytical or scientific pursuit is to achieve a state of wisdom, or the best course of action possible with all the ... Access >>>
Access TechTarget
Premium Content for Free.
What's Inside
Features
-
-
A new framework for preventing XSS attacks
by Joseph Bugeja and Geraint Price
Understand how cross-site scripting attacks work and how to prevent them.
-
Security as a Service: Benefits and risks of cloud-based security
by Joseph Granneman
Know the pros and cons to cloud-based security services before making the leap.
-
A new framework for preventing XSS attacks
by Joseph Bugeja and Geraint Price
-
-
Malware analysis tools and techniques failing but researchers aim for improvement
by Robert Westervelt, News Director
Malware analysis is falling short but some security researchers are working to reverse the trend.
-
Mobile application security best practices in a BYOD world
by Russ McRee, Contributor
Mobile applications are proliferating in the enterprise, posing new risks to enterprises and requiring mitigation.
-
Malware analysis tools and techniques failing but researchers aim for improvement
by Robert Westervelt, News Director
-
Columns
-
Marcus Ranum chat: The information security metrics dilemma
by Marcus J. Ranum, Contributor
Security expert Marcus Ranum goes one-on-one with Alex Hutton about the problems with security metric efforts.
-
Reflections on changing information security trends
by Michael S. Mimoso, Editorial Director
Veteran security journalist reminisces about covering the industry and says farewell to TechTarget.
-
BYOD policy: The costs and potential ROI
by Andrew Braunberg, Contributor
Security pros need to understand the total costs and potential ROI of BYOD policies.
-
Marcus Ranum chat: The information security metrics dilemma
by Marcus J. Ranum, Contributor
More Premium Content Accessible For Free
Compliance and risk modeling
E-Zine
You can fight compliance or embrace it, but one way or the other, you can’t escape it. Increasingly, smart organizations are not just accepting ...
Essentials: Threat detection
E-Zine
Antivirus and intrusion prevention aren’t the threat detection stalwarts they used to be. With mobile endpoints and new attack dynamics, enterprises ...
Managing identities in hybrid worlds
E-Zine
The world in which successful IAM programs must be implemented is increasingly complex, a mix of legacy on-premise IAM infrastructures, cloud-based ...