Problem solve Get help with specific problems with your technologies, process and projects.

Real-world security metrics

Security guru Tom Bowers advises how to develop real-world security metrics that work for the modern organization.

Tom Bowers, Technical Editor, Information Security magazine, presented this session at Information Security Decisions Fall 2005.

Most discussions of security metrics focus on abstract theory -- how to measure security using complex equations that are only practical in a "perfect" world. This session takes the opposite tack, honing in on real-world methods for developing security metrics given the technical and cultural constraints within the modern organization. Tom Bowers, manager of information security operations at a large pharmaceutical company and technical editor for Information Security, offers insight into metrics that work for his company and other organizations he's familiar with. Tom details current, real-world projects and explains how he and his fellow security practitioners demonstrated value to the business units, as well as the CFO and CIO, without expensive, time-consuming academic formulas.

Download this presentation and learn:

  • The theories for generating metrics and if they apply to security
  • Where to find measurable security statistics
  • Practical low/no cost tools available
  • Tips on presenting the business value where ROI is difficult to justify
  • How to leverage security events occurring outside your company in your presentation

Download this presentation


This was last published in October 2005

Dig Deeper on Risk assessments, metrics and frameworks

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.