
IDG Contributor Network: Measuring security

Discussion in 'CSO' started by RSS, Aug 26, 2016.

  1. RSS


    Measuring security is sort of like measuring happiness. How do you compare your happiness with someone else’s? Are you happy? Are you happier today than you were yesterday? Will the things that make you happy today make you happy tomorrow? More importantly, will you discover that you thought you were happy, but it was only because of ignorance?

    Measuring security is one of the most difficult tasks a security leader faces. How do you measure something that has no quantifiable definition? There just isn’t an accepted metric by which to measure or compare, yet this is exactly what most board members want to know.

    I always chuckle when I review a new contract for our company that has verbiage that says we must maintain “adequate security”. Do you know what “adequate security” means? I do. It means you haven’t been breached yet. By definition, once you are breached, your security wasn’t adequate. Agreeing legally to maintain “adequate security” is tantamount to legally agreeing to never be breached.
