TechTarget

Further developments in measuring security effectiveness

The need for tools to help IT managers assess the effectiveness of their security investments has fuelled another effort to develop worthwhile performance measurement metrics.

The need for tools to help IT managers assess the effectiveness of their security investments has fuelled another effort to develop worthwhile performance measurement metrics.

The latest organisation to try is a new group called the Security Compliance Council. It has announced plans to create standard measures to assess and benchmark information security performance.

The group, whose founding members include Houston security company BindView, the Computer Security Institute in San Francisco and The Institute of Internal Auditors (IIA), a 100,000-member association in Florida, wants to develop research and survey-based IT security guidelines to help companies figure out what they need to do and how they are faring.

IT managers are usually sceptical as to whether these tools can really be effective. Success usually depends on the quality of the information available, and most people are reluctant to share detailed security information.

Meanwhile, there are variations in the way companies implement and manage security technologies and measure incidents, so adopting someone else's definition of best practice might not always be the right solution. The phrase, “One man's meat is another man's poison”, springs to mind.

 

 

CW+

Features

Enjoy the benefits of CW+ membership, learn more and join.

Read more

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close