aarrott
- edited
Do security metrics help secure IT security
budgets? Which ones? IT Security managers
at the Metricon conference in Montreal last
week expressed their view.
What works for you?
Join the discussion.
Metrics that Motivate
At the MetriCon security metrics conference in Montreal last week, the last panel featured three security managers. Most of the other talks had been from academics, consultants, and industry security metrics practitioners. But here on this last panel were three managers "from the trenches" - each the highest ranking security manager for their organization. The organizations included a near billion-dollar revenue retailer and a near-billion dollar revenue e-commerce business.
One of the questions asked of the panel was this: Which security metrics are most useful to you for obtaining next year's security budget?
There was remarkable consensus among the three security managers: The record of security incidents. According to the panel, executive management is looking for the security manager to be familiar with the organization's security incidents. Executive management wants metrics that demonstrate not only awareness of security incidents but also that the organization's IT security is successfully coping with these incidents. The key seemed to be the importance of metrics specific to the organization (instead of metrics of the global threat landscape).
Successful local coping with security apparently trumps the global fear factor as a motivator for IT security spending.
What metrics are most useful to you in defending your organization's IT security budget?
What currently available metrics are pretty much irrelevant as motivators for security spending?
Are there unavailable security metrics you wish you had come budget time?
Join the discussion.
By using this community you agree to the Participation Guidelines and Terms of Use.
New! Deep Security On Demand: Comprehensive protection for Servers Running on AWS
Trend Micro SafeSync for Business: Securely manage, access and share your files online
Join the 'Bring Your Own Device' Research Project
-
Product Manager, Security Analytics
-
Anthony Arrott is product manager for security analytics at Trend Micro. Among other duties, he coordinate
s Trend Micro’s participat ion in external benchmark testing programs that measure the protection commercial security software products provide to their customers. Arrott was Director of Threat Research at anti-spywa re vendor InterMute, prior to its acquisitio n by Trend Micro in 2005. In 2007 Dr. Arrott led the project team for Trend Micro HijackThis v2.0 – enhancing the popular malware diagnostic tool originally developed by Merijn Bellekom. Dr. Arrott earned his degrees at McGill University and M.I.T.
Copyright (c) 1989-2012 Trend Micro Incorporated. All rights reserved.
You must be a registered user to add a comment here. If you've already registered, please log in. If you haven't registered yet, please register and log in.