Pro+ Content/Information Security magazine

Thank you for joining!
Access your Pro+ Content below.
September 2012

Marcus Ranum chat: The information security metrics dilemma

Security expert and Information Security magazine columnist goes one-on-one with Alex Hutton, director of operations and technology risk for a Fortune 250 financial institution and formerly with the Verizon Business RISK Team. Marcus: I find that 99 percent of the people who want to talk about metrics seem to be looking for metrics as a way of understanding what's going on around them, when it seems to me that information security metrics are a way of tracking something that you already understand. What's your experience with that? Do you get people coming to you for some catch-all metric? Why is this problem so hard? Alex: My experience is that most metric programs suck. The reason I find that most people are disappointed in their metric programs is, as you say, most of us are measuring what we already understand. What unsuccessful programs seem to be missing is a useful model to provide context. Think of it this way, the purpose of the analytical or scientific pursuit is to achieve a state of wisdom,  or the best course of ...

Access this Pro+ Content for Free!

By submitting you agree to recieve email from TechTarget and its partners. If you reside outside of the United States you consent to having your personal data transferred and processed in the United States. Privacy Policy

Features in this issue

Columns in this issue

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

-ADS BY GOOGLE

Close