{"id":887,"date":"2009-03-12T00:00:00","date_gmt":"2009-03-12T00:00:00","guid":{"rendered":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2009\/03\/12\/better-metrics-needed-for-security-says-expert\/"},"modified":"2021-12-30T11:38:19","modified_gmt":"2021-12-30T11:38:19","slug":"better-metrics-needed-for-security-says-expert","status":"publish","type":"post","link":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2009\/03\/12\/better-metrics-needed-for-security-says-expert\/","title":{"rendered":"Better metrics needed for security, says expert"},"content":{"rendered":"<p>The security industry has done a poor job of finding ways for companies to measure their security, but that does not mean that collecting data is not valuable, the former head of the U.S. Department of Homeland Security&#8217;s cyber group told attendees at the SOURCE Boston conference on Thursday.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Amit Yoran, CEO of security firm NetWitness and the former director of the National Cyber Security Directorate at the DHS, criticized today&#8217;s risk management practices.<\/p>\n<p>The security industry is awash in bad data, and companies that attempt to use the metrics could take the wrong actions, he said.<br \/>\nThe process requires that executives work with their security group to find the right way to measure security for that specific company, he said.<br \/>\n&#8220;Set the expectations that a lack of due care is not going to be tolerated.&#8221;<\/p>\n<p>http:\/\/www.securityfocus.com\/brief\/926?ref=rss<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[29],"tags":[],"class_list":["post-887","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/887","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=887"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/887\/revisions"}],"predecessor-version":[{"id":3374,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/887\/revisions\/3374"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=887"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=887"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=887"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}