Securing Security Metrics, Critical for Enterprise

• Email
• Print
• ( 0 )
• 

Today’s Enterprise segment needs to seriously look towards taking a metrics driven approach when it comes to enabling security infrastructure.

In recent times and years, IT managers and teams of information security executives at big and even small organizations and enterprises have become increasing aware of the strategic value that is derived from accepting centralized metrics initiatives. It is widely accepted that metrics can help IT and security organizations reliably measure, monitor and communicate the effectiveness and business impact of IT governance, risk and compliance initiatives. Even then, few have implemented this necessary and effective management tool at an enterprise level.

It is not uncommon for different business areas to develop their own solutions for the same requirement or for IT to deploy multiple technologies to address a common issue. Not only do these separate initiatives create inefficiency, but these silos also make it hard to assess and manage risks holistically.

As a result, there is a growing demand for solutions to help IT organizations effectively break down these silos or vacuums and create a centralized approach towards managing risk and compliance issues, while simultaneously ensuring good governance at the enterprise level.

There are certain critical steps of any metrics initiative, as outlined by the globally recognized SANS (SysAdmin, Audit, Network, Security) Institute. There should be an effective process for implementing these steps with a goal of driving positive change in security behaviors, processes and investments for the benefit of the organization and even its set of customers.

Structure of Metrics

When we talk about metrics and measurements, these are two seemingly different concepts in general. Measurements are generated by counting and provide specific views of discrete data factors. While metrics, on the other hand, are generated with the help of analysis. They are derived from measurements, to which contextual information has been added for comparison and arriving at an analysis, such as to a predetermined baseline, or observing trends over time.

And most importantly, metrics indicate the degree to which goals are being met and they drive future actions which are needed in order to improve organizational processes, such as the percentage of critical systems that meet policy standards for host hardening. Moving forward, this is surely going to be they way forward for the enabling enterprise security.