EUIST


What are good security metrics? Check source then assess relevance

January 18th, 2007

Recently we have addressed various issues regarding security metrics, such as:

- CyTRAP Labs – guide – developing IT security metrics that work for you

- Managing risks while getting your CEO’s attention – communication matters

- Security metrics – do you know what your boss wants?

- CyTRAP Labs – guide – the seven deadly sins of security metrics

Security metrics are important, but sometimes we seem to do them less than perfectly. Just as importantly, we may be too lazy to check the statistics (are they kosher?), and maybe even worse is the case where people outright misquote studies. Here is an example of how things can go wrong.

In February 2005, Mike Nash, corporate vice president of the Security Business & Technology Unit at Microsoft, quoted the National Computer Security Alliance (NCSA) as follows:

“The National Cyber Security Alliance estimates that two-thirds of the home computers in the United States do not have any activated firewall, and the same percentage is operating without current anti-virus software
