There are many different metrics that help to define a successful data security strategy. The specific metrics and goals will differ from one organization to the next depending on their goals and customer needs. The recent data breach at Target outlines the importance of data security. Organizations should periodically review their metrics and make adjustments to them in order to stay ahead of any gaps in their process. “The task of developing a methodology to measure the effectiveness of information security program can be difficult and is considered more an art than a science as the specialist's experience plays a significant role in how the evaluation is performed” Drugescu & Etges (2006) p.37. This paper will explore just a few of the many different metrics that are prevalent throughout the business world that help to measure the performance of their data security stratagies.
Berinato (2005) gives us a few different metrics to review. The first is baseline defenses dcverage. This is the virus, spyware, firewall tools that an organization uses to protect its data. Constant monitoring of the network will product data on how many times threats are detected within the network. Berinato (2005) tells us this metric is usually expressed in a percentage. By monitoring the threats encountered an organization can determine the areas of weakness and make the proper corrections. Once the corrections are in place continued reporting will allow the organization to stay ahead of emerging threat trends and keep their network secure.
Another metric is patch latency. This refers to the amount of time from the development of a software patch to the time it is installed on all machines. Without the most current security patches an organizations network is at risk of malicious software compromising their data security. Monitoring the network for users that have outdated patches or multiple missing patches can help the IT security department identify issues with their deployment strategy. By understanding the situations surrounding the machines that are not up to date they can formulate a better deployment plan that covers a larger percent of the network.
Password strength is another key metric for anyone interested in data security according to Berineto (2005). Even the most secure networks can be compromised by weak passwords. By implementing fairly simple logic for password management an organization can significantly harden their network. Berinato tells us that one of the best...