Sciweavers

ACSAC
2009
IEEE

The Good, the Bad, And the Ugly: Stepping on the Security Scale

14 years 7 months ago
The Good, the Bad, And the Ugly: Stepping on the Security Scale
: Metrics are both fashionable and timely: many regulations that affect cybersecurity rely upon metrics – albeit, of the checklist variety in many cases – to ascertain compliance. However, there are far more effective uses of security metrics than external compliance exercises. The most effective use of security metrics is to manage better, which may include: • Make a business case for needed change • Focus scarce resource on most pressing problems (with the biggest payoff for resolution) • Help spot problems early - or successes early • Address “outside” concerns or criticisms fairly and objectively A successful security metric should: • Motivate good/correct behavior (not promote evasive tactics just to make the numbers look good) • Prompt additional questions (“Why? How?”) to understand what is influencing the numbers • Answer basic questions of goodness (e.g., “Are we doing better or worse?”) • Be objective and measurable, even if correlation may not...
Mary Ann Davidson
Added 18 May 2010
Updated 18 May 2010
Type Conference
Year 2009
Where ACSAC
Authors Mary Ann Davidson
Comments (0)