Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Mon 01 Sep 2014, 04:25
All times are UTC - 4
 Forum index » Off-Topic Area » Security
Why security metrics aren't helping prevent data loss
Post new topic   Reply to topic View previous topic :: View next topic
Page 1 of 1 [2 Posts]  
Author Message
Flash
Official Dog Handler


Joined: 04 May 2005
Posts: 11031
Location: Arizona USA

PostPosted: Fri 26 Jul 2013, 23:08    Post subject:  Why security metrics aren't helping prevent data loss  

Why security metrics aren't helping prevent data loss
Quote:
Security metrics are supposedly a way for upper management and IT departments to converse intelligently about in-house security programs. Why aren't the metrics working?

Reported data loss due to security breaches is not slowing down in the least bit, as the graph below (courtesy of DataLossDB.org) vividly points out. What’s more, these statistics only include publicly reported breaches. One can only imagine how many security breaches are unreported by organizations wanting to avoid public scrutiny....

...Security metrics are often misunderstood, being referred to as a measuring process, and that is not the case. Shirley C. Payne in her SANS Institute paper, A Guide to Security Metrics, explains the difference:

Measurements provide single-point-in-time views of specific, discrete factors, while metrics are derived by comparing, to a predetermined baseline, two or more measurements taken over time. Measurements are generated by counting; metrics are generated from analysis. In other words, measurements are objective raw data, and metrics are either objective or subjective human interpretations of those data.

Next, Shirley describes what would be considered a “useful” metric:

“Truly useful metrics indicate the degree to which security goals, such as data confidentiality, are being met, and they drive actions taken to improve an organization’s overall security program.”
Back to top
View user's profile Send private message 
Monsie


Joined: 01 Dec 2011
Posts: 633
Location: Kamloops BC Canada

PostPosted: Sat 27 Jul 2013, 04:28    Post subject: Why security metrics aren't helping prevent data loss  

Hmmm....

A useful metric depends on accurate measurement. A metric may not be very meaningful if a significant number of security breeches are not being reported by many companies.

A useful metric really depends on useful measurement. While it is useful to determine the number of security breeches a company suffers within a given period, it is more useful to measure the different kinds of security breeches (classification).

Beyond that, metrics cannot by itself be very effective in helping to prevent data loss because the matter of security is an on-going challenge. Metrics provide a better look at the past than a glimpse at the future, because security issues are ever evolving... So it is difficult to make accurate predictions, and take all necessary pro-active steps in order to stop data loss down the road.

All in all, the crux is that one is dealing with an open ended kind of problem here, and so measurement and metrics can only ever be a part of the solution toward preventing data loss. That said, the manner in which we use measurement and metrics can be improved without a doubt.

Just some more food for thought,
Monsie

_________________
My username is pronounced: "mun-see". Derived from my surname, it was my nickname throughout high school.
Back to top
View user's profile Send private message 
Display posts from previous:   Sort by:   
Page 1 of 1 [2 Posts]  
Post new topic   Reply to topic View previous topic :: View next topic
 Forum index » Off-Topic Area » Security
Jump to:  

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.0618s ][ Queries: 12 (0.0188s) ][ GZIP on ]