Security Metrics - Why Should You Care?

In this blog series on SecurityWeek, Tenable CSO Marcus Ranum advises security professionals on how they can create and share metrics in their jobs. These metrics can create better understanding and awareness about the success of their approaches, as well as allow them to build support for programs and funding requests.

Most of the complex fields humans engage in develop their own terminology, which then becomes a problem of translation for the expert. One of the fundamental problems for security at the “C-level” is to translate between security's inner language, which tends to be about risk, and business' inner language, which is about money and opportunity. The problem a lot of us security practitioners have is that we can't really talk sensibly about risk without trying to quantify it, because the others at the “C-level” are going to want to make a risk/reward judgment and, all too often, we're kind of waving our hands and the best we can do is point to some of the other casualties by the road-side and say “well, look what happened to them!”

Read the rest at SecurityWeek
