Cyber Security Institute
§ Current Worries
Top 3 Worries
- Regulations
- Old Firewall Configurations
- Security Awareness
§ Listening
For the best information
- The underground
- Audible
- Executive Excellence
- Music (to keep me sane)
§ Watching
For early warnings
- 150 Security Websites
- AP Newsfeeds
- Vendors
Thursday, March 12, 2009
Better metrics needed for security, says expert
The security industry has done a poor job of finding ways for companies to measure their security, but that does not mean that collecting data is not valuable, the former head of the U.S. Department of Homeland Security’s cyber group told attendees at the SOURCE Boston conference on Thursday.
Amit Yoran, CEO of security firm NetWitness and the former director of the National Cyber Security Directorate at the DHS, criticized today’s risk management practices.
The security industry is awash in bad data, and companies that attempt to use the metrics could take the wrong actions, he said.
The process requires that executives work with their security group to find the right way to measure security for that specific company, he said.
“Set the expectations that a lack of due care is not going to be tolerated.”