- Monday November 27th, 2006
I have seen Amrit Williams speak a couple of times at Gartner, so I read with interest his recent wading into arguments on security metrics. I especially liked this mockery of the position that there are no security metrics:

"Apparently measuring security is like anal probing. Aliens, with their advanced technology, have cracked the space/time continuum but apparently the mysteries of the human rectum still elude them; security metrics are like the ass of IT, with all our advances it still eludes us."

I confess I am a big fan of security metrics - providing they are the right metrics and that they:

a) Actually measure something
b) Actually demonstrate the ROI on security that the business is getting for their dollars (and oh yes, they are the business's dollars, never forget)
c) Can't be gamed or played (see pretty much every Operational availability figure ever published)

Overall, it's a well-reasoned article and I look forward to his whitepaper on the topics of specific metrics. I recommend that, if you have an interest in security metrics, you give it, and the articles linked in it, a good read.