Metrics for Security Investment Decisions: Are You Collecting the Right Data?
sponsored by Information Security Decisions sponsored by Scentric, Inc.
Today, organizations often have several -- often conflicting -- objectives when making security investment decisions. Finding the right balance among these objectives and determining which investment strategy best achieves the desired balance depends on a security metrics program that supports the decision process. Unfortunately, despite the proliferation of automated risk, security information management tools and incident response teams, organizations have terabytes of data that provide limited insight into how they should invest. In order to answer the question "Did we make the right security investment decisions," it is important to explicitly identify the objectives and determine which metrics are needed to support the spending process.In this presentation, Carnegie Mellon University professor Shawn Butler shows you how to improve your security metrics program by closing the gap between the metrics you need and the metrics you are collecting.
(THIS RESOURCE IS NO LONGER AVAILABLE.)