Why security metrics aren't helping prevent data loss
Official Dog Handler

Joined: 04 May 2005
Posts: 11462
Location: Arizona USA

Posted: Fri 26 Jul 2013, 23:08    Post subject: Why security metrics aren't helping prevent data loss

Why security metrics aren't helping prevent data loss
Security metrics are supposedly a way for upper management and IT departments to converse intelligently about in-house security programs. Why aren't the metrics working?

Reported data loss due to security breaches is not slowing down in the least bit, as the graph below (courtesy of DataLossDB.org) vividly points out. What’s more, these statistics only include publicly reported breaches. One can only imagine how many security breaches are unreported by organizations wanting to avoid public scrutiny....

...Security metrics are often misunderstood, being referred to as a measuring process, and that is not the case. Shirley C. Payne in her SANS Institute paper, A Guide to Security Metrics, explains the difference:

Measurements provide single-point-in-time views of specific, discrete factors, while metrics are derived by comparing, to a predetermined baseline, two or more measurements taken over time. Measurements are generated by counting; metrics are generated from analysis. In other words, measurements are objective raw data, and metrics are either objective or subjective human interpretations of those data.

Next, Shirley describes what would be considered a “useful” metric:

“Truly useful metrics indicate the degree to which security goals, such as data confidentiality, are being met, and they drive actions taken to improve an organization’s overall security program.”

Joined: 01 Dec 2011
Posts: 633
Location: Kamloops BC Canada

Posted: Sat 27 Jul 2013, 04:28    Post subject: Why security metrics aren't helping prevent data loss


A useful metric depends on accurate measurement. A metric may not be very meaningful if a significant number of security breaches are not being reported by many companies.

A useful metric really depends on useful measurement. While it is useful to determine the number of security breaches a company suffers within a given period, it is more useful to measure the different kinds of security breaches (classification).

Beyond that, metrics cannot by themselves be very effective in helping to prevent data loss because the matter of security is an ongoing challenge. Metrics provide a better look at the past than a glimpse at the future, because security issues are ever evolving... So it is difficult to make accurate predictions, and take all necessary proactive steps in order to stop data loss down the road.

All in all, the crux is that one is dealing with an open ended kind of problem here, and so measurement and metrics can only ever be a part of the solution toward preventing data loss. That said, the manner in which we use measurement and metrics can be improved without a doubt.

Just some more food for thought,

My username is pronounced: "mun-see". Derived from my surname, it was my nickname throughout high school.