
Security Metrics and Management

Posted on 7.27.2013

Tripwire, a provider of risk-based security and compliance management solutions, released the results of a study that examined the metrics IT security professionals used most frequently to gauge the effectiveness of their organization's overall security efforts.

In the compliance arena specifically, leading metrics included mean time-to-patch (49 percent); policy violations (33 percent); and reduction in audit findings and repeat findings (27 percent). The Tripwire study also found that only 19 percent of respondents viewed the number of records or files detected as compliance infractions as an effective metric, and only 16 percent said the same of a reduction in expired certificates, including SSL and SSH keys.

“There’s a strong correlation between security products and metrics,” noted Tim Erlin, director of IT and risk strategy for Tripwire. “Organizations most often build security metrics programs from the data up, rather than the business down, resulting in metrics supported by available security products, rather than focusing on those metrics that are meaningful to the business.”
