Skip to content

Metrics that Motivate

by Trend Micro Employee ‎08-17-2009 06:57 AM - edited ‎08-17-2009 07:31 AM

pub_domain--moriori--carpenters_rule.pngMeasuring Security


Do security metrics help secure IT security

budgets?  Which ones?  IT Security managers

at the Metricon conference in Montreal last

week expressed their view.


What works for you? 


Join the discussion.



Metrics that Motivate


At the MetriCon security metrics conference in Montreal last week, the last panel featured three security managers.  Most of the other talks had been from academics, consultants, and industry security metrics practitioners.  But here on this last panel were three managers "from the trenches" - each the highest ranking security manager for their organization.  The organizations included a near billion-dollar revenue retailer and a near-billion dollar revenue e-commerce business.


One of the questions asked of the panel was this:  Which security metrics are most useful to you for obtaining next year's security budget? 


There was remarkable consensus among the three security managers: The record of security incidents.  According to the panel, executive management is looking for the security manager to be familiar with the organization's security incidents.  Executive management wants metrics that demonstrate not only awareness of security incidents but also that the organization's IT security is successfully coping with these incidents.  The key seemed to be the importance of metrics specific to the organization (instead of metrics of the global threat landscape). 


Successful local coping with security apparently trumps the global fear factor as a motivator for IT security spending.


What metrics are most useful to you in defending your organization's IT security budget?


What currently available metrics are pretty much irrelevant as motivators for security spending?


Are there unavailable security metrics you wish you had come budget time?


Join the discussion.


By using this community you agree to the Participation Guidelines and Terms of Use.

Updated OfficeScan 11.0 Product Support

New Worry-Free Business Security 9.0 Support

Deep Security On Demand: Comprehensive protection for Servers Running on AWS

Trend Micro SafeSync for Business: Securely manage, access and share your files online

Join the 'Bring Your Own Device' Research Project

Join the 'Data Protection' Research Project

Read Message from Trend Micro's CEO - Eva Chen.

About the Author
  • Anthony Arrott is product manager for security analytics at Trend Micro. Among other duties, he coordinates Trend Micro’s participation in external benchmark testing programs that measure the protection commercial security software products provide to their customers. Arrott was Director of Threat Research at anti-spyware vendor InterMute, prior to its acquisition by Trend Micro in 2005. In 2007 Dr. Arrott led the project team for Trend Micro HijackThis v2.0 – enhancing the popular malware diagnostic tool originally developed by Merijn Bellekom. Dr. Arrott earned his degrees at McGill University and M.I.T.
What are other Premium Support Customers talking about?  Learn more

Already a TouchPoint member? Just Sign In