Interesting article on Information Security and the lack of quantifiable metrics. I like the following paragraph:
“Regardless of legal compliance, it is a pretty good idea to be able to measure the adequacy of in-place security controls, policies and procedures anyway. How else do we know if our existing controls are giving us any benefit or if we have shortfalls?”
The article also points to some possible sources of metrics for Information Security, which may be of interest to anyone currently in the process of defining those kinds of measurements.