Group 12
Security Metrics
An interpretation of data by management that leads to changes in security policies, systems, practices, etc.
Pros:
- Allows management to make decisions based on trends
- Allows management view of scope of security threats
- Provides a realism to the threat to security
Cons:
- Interpretation left to management
- Data can be misinterpreted
While metrics are derived by comparing, to a predetermined baseline, two or more measurements taken over time. Metrics are generated from analysis.
In other words, measurements are objective raw data; metrics are either objective or subjective human interpretations of those data.
Data Loss
Up to May
Reported data loss due to security breaches is not slowing down in the least bit, as the graph points out. What's more, these statistics only include publicly reported breaches. One can only imagine how many security breaches are unreported by organizations wanting to avoid public scrutiny.
The Question
Security metrics are supposedly a way for upper management and IT departments to converse intelligently about in-house security programs. Why aren't the metrics working?
Questions?