Security Metrics Are Undervalued, Misunderstood

By Don Reisinger  |  Posted 08-08-2013

Keeping your corporate network secure is arguably the most important aspect of any CIO’s job. But a new study from risk-based security compliance company Tripwire seems to indicate that determining the metrics for security, and conveying to the business side what it takes to keep a company safe, are both quite difficult. And when security and its importance cannot be conveyed to the business side, security itself suffers.

“Chief Information Security Officers talk about the importance of leveraging metrics as a way to influence business leadership and build a risk management practice within their companies,” says Rekha Shenoy, vice president of marketing at Tripwire. “Unfortunately, they struggle with the bigger challenge of producing meaningful metrics while those they use are rarely aligned with business goals.”

In other words, there’s a communication problem in the enterprise, and that problem is directly tied to corporate security. Tripwire’s study, which includes responses from more than 1,300 IT professionals, reveals a profound disconnect between business and IT when it comes to conveying security’s importance in the enterprise.

Not Viewed As Important Enough

Another problem that 48% of IT professionals are encountering is that the business side doesn’t believe security is nearly as important as other “pressing issues.”

Don Reisinger is a freelance technology columnist. He started writing about technology for Ziff-Davis' Gearlog.com. Since then, he has written extremely popular columns for CNET.com, Computerworld, InformationWeek, and others. He has appeared numerous times on national television to share his expertise with viewers. You can follow his every move at http://twitter.com/donreisinger.
 
 
 
