- +
Ticked Off at Tick the Box Mentality 04 February, 2008 13:01:15
Does your executive search firm know the difference between an MIS manager and a CIO, and if it does, can it explain that difference to its corporate clients?Does your executive search firm know its MIS managers from its elbow? Does it even know the difference between an MIS manager and a CIO, and if it does, can it explain that difference to its corporate clients?
Read up on the latest ideas and technologies from companies that sell hardware, software and services. Still Sneaking In: The Threats Your Security Tools Aren't Telling You About
Dude! You Say I Need an Application-Layer Firewall?!
Why Security SaaS Makes Sense Today
Understanding Email Marketing: A Guide for SMBs
CRM your salespeople will love
Web Security SaaS: The Next Generation of Web Security
Radicati Market Quadrant 2008 on Corporate Web Security
Optimized Back-up and Recovery for VMWare for VMWare Infrastructure with EMC Avamar
Newsletter Subscription
Information security metrics don't have to rely on heavy-duty maths to be effective, but they also don't have to be dumbed down to red, yellow, green. Here are six smart measurements - and effective ways to present them.
Metrics have a bad rep. Mention metrics to a CIO or infosecurity executive and immediately their thoughts may well turn to sigmas, standard deviations and, probably, probability. To many, metrics equals statistics.
There's no denying that proven economic principles can - and should - be applied to information security investments. At the same time, a bumper crop of valuable metrics exist that don't require classes on Nobel Prize-winning theories or a working knowledge of the Greek alphabet. You've actually already sowed the seeds of these less dense but equally valuable metrics. They're sitting in your log files, on your network, in the brains of your business unit managers, just waiting to be harvested. You won't need computational prowess to exploit this crop's value, just some legwork and - this is key - the most effective presentation tools.
Here we discuss six such metrics, along with some ways to present them visually, as imagined by Andrew Jaquith. Jaquith is a co-founder of the consultancy @stake (which was bought in 2004 by Symantec) and a protege of infosecurity guru Dan Geer. At @stake he invented a popular analytic methodology that is used to evaluate a client's risk in its application portfolio. He's since left Symantec and joined The Yankee Group. More recently he started Securitymetrics.org, a Web site open to all security professionals for sharing, contributing and advancing the use of metrics in information security. He's also writing a book, Security Metrics, due out later this year.
Jaquith has sharp, sometimes contrarian opinions on what makes a good metric and what makes for good presentation of metrics. For example, he thinks annual loss expectancy (ALE), a tool used to measure potential losses against probability of losses occurring over time, is useless, because in infosecurity, the L and the E in ALE are wild guesses. Quoting Geer, he says: "The numbers are too poor even to lie with."
He also thinks CIOs and CISOs are too apt to dumb down visual representations of metrics for their executive counterparts, mistaking simplicity for clarity. He holds a particular grudge against the overuse of the "red, yellow, green" representation of metrics to signify high, medium and low numbers. "A CEO's favourite visualization of metrics is a stock chart, a 2.5cm square that contains a month's worth of opening and closing prices, a trend line and several other indicators. Maybe 50 or more data points right there. Don't tell me they can't handle complex data. They can, as long as it's presented well."
By no means does Jaquith (or CIO for that matter) think these five metrics are the final word on infosecurity. Quite the contrary, they're a starting point, relatively easy to ascertain and hopefully smart enough to get CIOs thinking about finding other metrics like these, out in the vast fields of data, waiting to be reaped.
Discover how SOA can create smarter outcomes for your business.
Attend and learn:
- How SOA is helping leading companies to become more agile
- Where you should be applying SOA processes in your company
- The top SOA implementation mistakes to avoid
Click here for more information.
- +
CIO Live Podcast #79: Brent D Taylor, author of The Outsider's Edge: The Making of Self-Made Billionaires Part II 05 October, 2007 06:00:00
For his new book, The Outsider's Edge: The Making of Self-Made Billionaires, social researcher Brent D Taylor spent four years of intensive research investigating the psychological make-up and backgrounds of some of the world's richest men and women, including IT luminaries Bill Gates, Larry Ellison and Steve Jobs. Taylor discovered that, despite working in different industries and coming from different upbringings, they all have one thing in common -- they are all outsiders. - +
CIO Live Podcast #78: Brent D Taylor, author of The Outsider's Edge: The Making of Self-Made Billionaires 28 September, 2007 17:34:25
For his new book, The Outsider's Edge: The Making of Self-Made Billionaires, social researcher Brent D Taylor spent four years of intensive research investigating the psychological make-up and backgrounds of some of the world's richest men and women, including IT luminaries Bill Gates, Larry Ellison and Steve Jobs. Taylor discovered that, despite working in different industries and coming from different upbringings, they all have one thing in common -- they are all outsiders. - +
CIO Live Podcast #77: Panasonic Speeds Up Trans-Pacific File Transfers, Part III 21 September, 2007 07:00:00
Part three in our three-part special report from CIO's sister publication Network World in the US, as Paul Desmond reports from the Network World IT Roadmap Conference in Santa Clara, California. With development teams in the US and Japan, Panasonic needed a more efficient way to move very large files between the two locations. Iben Rodriguez, IT consultant for Panasonic Research and Development, explains how a storage-area network and virtual server technology helped speed up WAN performance. - +
CIO Live Podcast #76: Panasonic Speeds Up Trans-Pacific File Transfers, Part II 14 September, 2007 07:00:00
Part two in our three-part special report from CIO's sister publication Network World in the US, as Paul Desmond reports from the Network World IT Roadmap Conference in Santa Clara, California. With development teams in the US and Japan, Panasonic needed a more efficient way to move very large files between the two locations. Iben Rodriguez, IT consultant for Panasonic Research and Development, explains how a storage-area network and virtual server technology helped speed up WAN performance. - +
CIO Live Podcast #75: Panasonic Speeds Up Trans-Pacific File Transfers, Part I 07 September, 2007 07:00:05
Part one in our three-part special report from CIO's sister publication Network World in the US, as Paul Desmond reports from the Network World IT Roadmap Conference in Santa Clara, California. With development teams in the US and Japan, Panasonic needed a more efficient way to move very large files between the two locations. Iben Rodriguez, IT consultant for Panasonic Research and Development, explains how a storage-area network and virtual server technology helped speed up WAN performance.
- +
Corporate security and the climate crisis 03 October, 2008 11:21:00
How to adapt security and risk management policies - including IT security - to deal with climate change.US military strategists, CIA analysts, international agency officials and Nobel Prize winning economists concur with the consensus of the world's scientific community: the Climate Crisis is a planetary security issue, as well as a national security issue for each of the one hundred ninety two countries that belong to the United Nations. But the Climate Crisis is also, by extension, a corporate security issue, as well as, yes, a cyber security issue. - +
Companies own up to virtual security blind spot 02 October, 2008 11:05:00
VMWorld attendees reveal vast majority of companies have little or no security in place for their virtual systems.The vast majority of companies have little or no security in place for their virtual systems. That is a scary statistic revealed in a survey of attendees at the recent VMWorld 2008 conference in Las Vegas. - +
How to minimize the impact of a data breach 01 October, 2008 08:54:00
ID Experts' Rick Kam describes a customer-centric action planThirty-one percent of customers--nearly one-third of a company's client base and revenue source--are terminating their relationship with organizations following a data breach, according to a recent study by the Ponemon Institute. - +
Five mistakes security pros would make again 30 September, 2008 10:18:00
Whether it's getting fired for standing up for what's right or making a network configuration mistake that leads to better security, there are some mistakes worth making. Five security pros offer personal examples.Ten years ago, Michael Riva was network administrator for a top-five American consultancy. Employees were downloading graphic pictures and videos onto the network. Riva told his boss a proxy server with content filtering might be in order; his boss laughed and suggested they put in a bigger file server instead. - +
What does the financial meltdown mean for security? 29 September, 2008 10:25:00
Bill Brenner wonders if it's irrational or appropriate to make connections between the current financial crisis and the state of securityAt first, this was going to be a column about the PR machine's hyperbolic efforts to connect the state of IT and security with the current financial crisis. Indeed, some have shamelessly sent me story pitches that try to get some bang out of the Wall Street meltdown.
Multimedia Technology & EVERKI sign exclusive distribution agreement. 06 October, 2008 14:34:00
ONCE A YEAR OPPORTUNITY TO SPEAK TO THE VENDORS! 06 October, 2008 13:48:00
New IBM Cognos Analytic Application Enables Quick, Actionable Insights Into Financial Performance 03 October, 2008 14:41:00
Verizon Business Data-Breach Report Examines Industry-Specific Challenges 03 October, 2008 12:24:00
IBM Launches Cognos 8 v4 - New Business-Driven Performance Management Software 02 October, 2008 12:02:00
|
||
|
||
|
|
||
|
Still Sneaking In: The Threats Your Security Tools Aren't Telling You About
Web 2.0 applications are all the rage, offering us tremendous value when it comes to collaboration and communication. They also open us up to new kinds of attacks however, and can cause problems in keeping systems and data secure. Read on to learn about the new attack methods and how you can defend yourself and your business.
Subscribe to CIO
