http://www.darkreading.com/security-monitoring/167901086/security/security-management/229400652/searching-for-security-8217-s-yardstick.html

By Tim Wilson
Darkreading
March 30, 2011

There’s an old saying in IT: You can’t manage what you can’t measure. If that’s true, however, security managers must be in a world of hurt.

Across this usually contentious security industry, there is violent agreement about two points: Security departments need better ways to prove that their organizations are safe, and there are no clear-cut numbers that definitively prove that point.

"So you’re in the management meeting, and the sales guy gives specific numbers about orders and gross revenue," says Steve Dauber, vice president of marketing at RedSeal, which makes software designed to monitor security posture. "The networking guy gives numbers about uptime and throughput and response time. Then it comes around to the security guy, and he says, 'Well, we didn’t get hacked today.'"

The basic problem, experts say, is that it’s tough to measure a negative. If security’s primary goal is to prevent outsiders from getting in -- and insider data from getting out -- what numbers are there to measure its success? The only clear metric is a negative: How many times has a compromise been discovered?

[...]

Received on Thu Mar 31 2011 - 23:27:39 PDT