Benefits of a Security Metrics Program

Why spend the time, money, and resources on a security metrics program anyway? This section will review the Benefits of a Security Metrics Program 

13111867865?profile=RESIZE_710x

A Lesson for Security Metrics from the Traffic Safety Industry 

Starting and maintaining an security metrics program provides three main benefits— visibility, education, and improvement. These benefits can be derived from using metrics not only in the information security industry, but in any industry. Figure 1-5, an example from the traffic safety industry, illustrates the impact of metrics that can be used to help promote seatbelt usage, thereby saving lives.

In 1908, the affordability of Henry Ford's Model T opened car travel to middle-class Americans. That is the year in which automobiles became popular in the United States.

Country

Seatbelt usage

Traffic Fatality Rates

United States

75%

15 per 100,000

Great Britain

90%

6 per 100,000

Germany

90%

9 per 100,000

 

In his 1922 autobiography My Life and Work, Ford recalled saying the following about his game-changing vehicle:

“I will build a car for the great multitude. It will be large enough for the family, but small enough for the individual to run and care for. It will be constructed of the best materials, by the best men to be hired, after the simplest designs that modern engineering can devise. But it will be so low in price that no man making a good salary will be unable to own one—and enjoy with his family the blessing of hours of pleasure in God's great open spaces.”

 

When cars first became popular, few people worried about automobile safety. Consumers were so excited about being able to travel and the dramatic improvements and changes it made in their lifestyles that safety concerns were an afterthought. In the late 1960s, a few experts recognized the safety issues and pushed for consumer awareness and government legislation. These efforts paid off. Over time, seatbelts have become so culturally embedded that, for most people, putting on a seatbelt is now practically a reflex. The use of metrics to encourage the use of seatbelts was key to achieving this objective, as described next.

Seatbelts originally were not intended as a means of providing safety in an emergency accident scenario. Rather, they were built into automobiles and airplanes for the purpose of keeping the passenger inside the vehicle. The automobile industry in the 1960s did not want to focus much attention on seatbelts because they did not want the public to fear driving. Traffic-related government funding was invested mostly in studying disposal of scrapped cars, and only a very small percentage was dedicated to highway safety.

 

-Abstract from ‘Security Metrics: A Beginner’s Guide’ by Caroline Wong, CISSP

(Credits and Reference)

E-mail me when people leave their comments –

CISO Platform

You need to be a member of CISO Platform to add comments!

Join CISO Platform

CISO Platform

A global community of 5K+ Senior IT Security executives and 40K+ subscribers with the vision of meaningful collaboration, knowledge, and intelligence sharing to fight the growing cyber security threats.

Join CISO Community Share Your Knowledge (Post A Blog)
 

 

 

Best of the World Talks on The CISO's Journey: From Expert to Leader

  • Description:

    We are hosting an exclusive "Best of the World" Talks session on "The CISO’s Journey: From Expert to Leader" featuring David B. Cross (SVP & CISO at Oracle), Bikash Barai (Co-founder of CISO Platform & FireCompass) & David Randleman (Field CISO at FireCompass).

    The journey from cybersecurity expert to strategic leader is a transformative one for CISOs. This session delves into the stages of a CISO’s evolution, the balance…

  • Created by: Biswajit Banerjee
  • Tags: ciso