BEST OF THE WEB

Security by the numbers

Securing the enterprise is more than making sure everything is patched. Metrics are an essential tool for knowing where you’ve been, where you are and where you’re going.

If you haven’t learned that yet as an administrator, you’ll learn the hard way it will be expected from the CEO.

If you’re not already a metrics master, you’ll learn some valuable lessons from a security manager who writes under the pseudonym Mathias Thurman for Computerworld U.S.  The metrics he collects have to be specific, meaningful, actionable, repeatable and time-dependent (for those who can’t see it, they spell SMART).

Note that just because his company has outsourced its operations centre hasn’t stopped “Thurman” from setting up a security operations centre to keep on top of IT security. Presumably, everything could have been turned over to a managed security provider, but his firm decided that should be kept in house.

So once a quarter he produces a report on the patch and antivirus compliance of the DMZ and production infrastructure. Once or twice a year there’s a report on the amount of security budget spent per employee, the number of security head count as a percentage of IT, and the percentage of security budget as a percentage of the IT budget. These are compared with estimates of spending by competitors and other industry analyst benchmarks.

Some metrics come from logs. But others are complied by Thurman himself with the help of his security analysts because the company’s trouble ticket system isn’t sophisticated enough to give the metrics he wants to track incidents. This way malware trends and false positives can be closely watched and reacted to.

In other words, sometimes you have to do things yourself. But the metrics they generate will help a good security administrator get the numbers right.

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web