Further developments in measuring security effectiveness

News Analysis

The need for tools to help IT managers assess the effectiveness of their security investments has fuelled another effort to develop worthwhile performance measurement metrics.

The latest organisation to try is a new group called the Security Compliance Council. It has announced plans to create standard measures to assess and benchmark information security performance.

The group, whose founding members include Houston security company BindView, the Computer Security Institute in San Francisco and The Institute of Internal Auditors (IIA), a 100,000-member association in Florida, wants to develop research and survey-based IT security guidelines to help companies figure out what they need to do and how they are faring.

IT managers are usually sceptical as to whether these tools can really be effective. Success usually depends on the quality of the information available, and most people are reluctant to share detailed security information.

Meanwhile, there are variations in the way companies implement and manage security technologies and measure incidents, so adopting someone else's definition of best practice might not always be the right solution. The phrase, “One man's meat is another man's poison”, springs to mind.


