IT's security metrics and reporting problem: A communication failure

Elden Nelson | Jan. 23, 2015
A new challenge for IT is to develop security metrics and reporting that effectively communicate the successes, failures and potential risks of a security program to business audiences in the enterprise.

Aggregate security products for seamless metrics and better communication

Security metrics and reporting can be improved if IT teams aggregate security point solutions to provide a seamless, holistic risk rating, and then create the metrics to demonstrate the impact of security on business. As the move towards adoption of security as a service (SaaS) solutions gathers pace, security teams can start to insist on the provision of usable metrics as part of the partner agreement.

Security has moved to the central business functions; it's no longer just an IT issue. The National Association of Corporate Directors published a handbook to give cyber-risk advice to members. It says, "Discussion of cyber-risks between boards and senior managers should include identification of which risks to avoid, accept, mitigate or transfer through insurance as well as specific plans associated with each approach." This point highlights the need for discussion between security teams and the board. It also shows that business leaders are ready to place security and risk at the heart of the business, alongside other high-level areas such as profitability, revenue growth and product innovation.

