Rating a Company's Security Effectiveness
- By Ginger Hill
- May 26, 2015
It’s easily a billion-dollar industry that we are a part of, and it produces gobs of metrics and data that are supposed to demonstrate its effectiveness. I’m speaking of the security industry; however, it seems that some organizations have trouble analyzing their security efforts to determine whether they are producing the results they want. Needless to say, breaches are inevitable, so how do organizations measure their security’s effectiveness?
Many organizations spend their time counting the number of alerts and breaches. This data is easily plotted onto a graph so the company can see whether the number of breaches goes up or down within an established time period. But this really doesn’t say much about the actual security tools that are being deployed.
Here are three qualitative approaches to help organizations understand their networks:
- Average time to respond: how quickly a company’s security team is able to respond to a breach or issue. Obviously, the quicker the better.
- Time to repair: how quickly and accurately a security risk is remediated.
- Dwell time: how long an attacker is on a company’s network.
Incorporating these three approaches into a company’s security plan provides real insight on how to prepare and plan as well as contain and control threats to minimize overall damage.
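As an added illustration (not part of the original article), this Python sketch computes the three metrics from incident timestamps instead of counting incidents. The records are constructed, and the field names and the start and end points chosen for each metric are assumptions.

```python
from datetime import datetime
from statistics import mean

# Constructed sample incident timelines (not real data); field names are assumptions.
INCIDENTS = [
    {"id": "INC-1", "compromised": "2015-03-01T02:00", "detected": "2015-03-11T02:00",
     "responded": "2015-03-11T03:00", "repaired": "2015-03-12T02:00"},
    {"id": "INC-2", "compromised": "2015-04-05T08:00", "detected": "2015-04-05T20:00",
     "responded": "2015-04-05T23:00", "repaired": "2015-04-07T08:00"},
    # Still open: the team has responded, but the repair is not finished.
    {"id": "INC-3", "compromised": "2015-05-01T00:00", "detected": "2015-05-03T00:00",
     "responded": "2015-05-03T02:00", "repaired": None},
]

# Assumed measurement points for each metric in the list above.
SPANS = {
    "avg_time_to_respond_h": ("detected", "responded"),
    "avg_time_to_repair_h": ("detected", "repaired"),
    "avg_dwell_time_h": ("compromised", "repaired"),
}

def hours_between(record, start, end):
    """Hours from record[start] to record[end]; None if missing or out of order."""
    if not record.get(start) or not record.get(end):
        return None
    delta = datetime.fromisoformat(record[end]) - datetime.fromisoformat(record[start])
    hours = delta.total_seconds() / 3600
    return hours if hours >= 0 else None

def summarize(incidents):
    """Average each metric over the incidents that have both timestamps."""
    report = {"incident_count": len(incidents)}
    for name, (start, end) in SPANS.items():
        values = [h for h in (hours_between(r, start, end) for r in incidents)
                  if h is not None]
        report[name] = round(mean(values), 1) if values else None
        # Report the sample size so open incidents are not silently hidden.
        report[name + "_n"] = len(values)
    return report

if __name__ == "__main__":
    for key, value in summarize(INCIDENTS).items():
        print(f"{key}: {value}")
```

Open incidents are left out of the repair and dwell averages, so the `_n` counts show how many records each figure actually rests on.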
About the Author
Ginger Hill is Group Social Media Manager.