Security Metrics Are Undervalued, Misunderstood

Keeping the corporate network secure is arguably the most important part of any CIO's job. But a new study from risk-based security and compliance company Tripwire indicates that defining security metrics, and using them to convey to the business side what it takes to keep a company safe, is difficult. When the importance of security cannot be communicated to the business, security itself suffers.

"Chief Information Security Officers talk about the importance of leveraging metrics as a way to influence business leadership and build a risk management practice within their companies," says Rekha Shenoy, vice president of marketing at Tripwire. "Unfortunately, they struggle with the bigger challenge of producing meaningful metrics while those they use are rarely aligned with business goals."

In other words, there is a communication problem in the enterprise, and that communication problem is directly tied to corporate security. Tripwire's study, which includes responses from more than 1,300 IT professionals, reveals a profound disconnect between business and IT when it comes to conveying the importance of security in the enterprise.


Communication Is Lacking

Another finding that should concern IT pros: 40% of them say the only time they discuss security with senior executives is after a security incident has occurred.

This article was originally published on 08-08-2013
eWeek
