5 Strategic Security Metrics To Watch

Is your security program paying off for the business? Here are five high-level metrics that the executive suite needs to watch.

Information security specialists like to argue over a lengthy list of possible metrics to measure their systems' security posture.

For managers and executives, however, the picture needs to be simplified to a less controversial collection of measurements. While security administrators focus on technical metrics, managers and chief security officers have to focus on how IT security interacts with business, said Kevin Lawrence, senior security associate with IT security consultancy Stach & Liu.

"Everything comes down to whether the business impact is worth the security reward," said Lawrence. "It does not make sense to close a vulnerability if you can't then do business."

Earlier this month, industry experts weighed in on their top-5 metrics for tactical security, such as identifying dark parts of their own network and the total attack surface area. In interviews, analysts and security professionals offered a higher-level, more strategic mix of metrics to measure as well.

While some of these metrics may not directly correlate to security, getting high marks means that a company has a good level of control over its systems, network and data, and that means security, said Andrew Jaquith, chief technology officer of security services firm Perimeter e-Security.

"Running a tighter shop, with more control, is always good for security," he said. "It means that you can react very quickly if you have to change something."

Here are five security metrics to track for businesses.

1. Keep up with the Joneses
A starting point for many companies is whether they are spending as much as the median firm in their industry. In 2012, security is expected to account for 7% of IT budgets as a whole, according to business intelligence firm Forrester Research. The number varies by industry, with financial services tending to spend more, and healthcare and manufacturers spending less.

"If your industry partners are spending 6% of their IT budget on security and you are spending 2%, that's probably an issue," said Stach & Liu's Lawrence.

While the metric does not indicate how well companies are spending their security dollars, it is a good high-level measurement.

Read the rest of this article on Dark Reading.

Comments
tim_12,
User Rank: Apprentice
3/1/2012 | 7:04:13 AM
re: 5 Strategic Security Metrics To Watch
Thanks for sharing the great article about security. Really, it's a must for all :)