Real-world security metrics

Security guru Tom Bowers advises how to develop real-world security metrics that work for the modern organization.

Tom Bowers, Technical Editor, Information Security magazine, presented this session at Information Security Decisions Fall 2005.

Most discussions of security metrics focus on abstract theory -- how to measure security using complex equations that are only practical in a "perfect" world. This session takes the opposite tack, homing in on real-world methods for developing security metrics given the technical and cultural constraints within the modern organization. Tom Bowers, manager of information security operations at a large pharmaceutical company and technical editor for Information Security, offers insight into metrics that work for his company and other organizations he's familiar with. Tom details current, real-world projects and explains how he and his fellow security practitioners demonstrated value to the business units, as well as the CFO and CIO, without expensive, time-consuming academic formulas.

Download this presentation and learn:

  • The theories for generating metrics and whether they apply to security
  • Where to find measurable security statistics
  • Practical low/no cost tools available
  • Tips on presenting the business value where ROI is difficult to justify
  • How to leverage security events occurring outside your company in your presentation


This was first published in October 2005
