What are the Business Security Metrics?
Shawn A. Butler
President, MSB Associates Inc.
703-628-2195
Balance Security Objectives
The Value of Reducing Risk
• If Security Risk Management is a Business Decision, then we need to understand the cost and the value
• What is the Cost?
  – Frequency and Impact!
  – What are organizations collecting?
• Frequency!
Example of Collected Data
[Chart: axis scale 0 to 70; categories: Unauthorized Access, Probes, Denial of Service, Viruses]
Where is the impact?
Little Assessment of Security Controls
What information do you need?
Goal – Question – Metric
• Goal: Reduce confidentiality risks to sensitive data?
• Questions:
  – What are my greatest risks to this type of data?
  – Who has access to this data?
  – What is the likely impact?
• Metrics????