Storage Informer

The Sad Story of Information Security Risk Metrics

by on Jul.09, 2009, under Storage

Risk metrics are the heart and soul of information security indicators.  An increasing proliferation of tools and assessments has emerged, attempting to quantify states of information security.  Given the nature of what we are trying to measure, this is arguably one of the toughest challenges in the metrics space.  The recent trend is for different bodies to develop and publish their own standards, which creates confusion regarding accuracy and applicability.  Why all the turmoil, competing models, and misalignment?  The sad story is (cue the somber violins) we just have not figured out how to measure information security risks very well.

I have seen and applied many different methods, audits, and evaluations with varying degrees of success and disappointment. Current tools and methods lack maturity in this area, for both accuracy and comprehensiveness (and yes, I am guilty of contributing to the pool).

No silver bullet exists.

Choose wisely

There is no replacement for a security professional

An example will help express some of the challenges.

Let me be clear, I am a fan and a longtime supporter.

But don

So this is a sad story, but one which is not over.

