Why Security Metrics Miss the Mark

 
 
By Karen A. Frenkel  |  Posted 08-08-2016

A majority of IT security executives are only somewhat confident in their enterprise's security, according to a new survey. One-third of respondents are confident in their security posture and one-quarter said they communicate effectively about security metrics and posture to senior management. These executives continue to rely mainly on quantitative metrics aimed at preventing breaches. "With security spending continuing to skyrocket, it's more important than ever to be able to report on metrics that matter, not just quantitative metrics like counting breaches," said Ed Hammersla, Chief Strategy Officer and President, Federal Division, Forcepoint.

"To be more confident, we need to shift our thinking to metrics such as dwell time, or reducing the time the threat is in our network, which reduces damage and helps strengthen our overall security posture." The main takeaway: intruders can do more damage the longer they poke around and move laterally within a network. If an organization limits the time a threat exists, it will minimize damage. The study, "Why Executives Lack Security Posture of Confidence," was conducted by Forcepoint and included 100 responses from American IT security executives.

 
 
 
 
 
Karen A. Frenkel writes about technology and innovation and lives in New York City.

 
 
 
 
 
 
