Why spend the time, money, and resources on a security metrics program anyway? This section will review the Benefits of a Security Metrics Program
A Lesson for Security Metrics from the Traffic Safety Industry
Starting and maintaining an security metrics program provides three main benefits— visibility, education, and improvement. These benefits can be derived from using metrics not only in the information security industry, but in any industry. Figure 1-5, an example from the traffic safety industry, illustrates the impact of metrics that can be used to help promote seatbelt usage, thereby saving lives.
In 1908, the affordability of Henry Ford's Model T opened car travel to middle-class Americans. That is the year in which automobiles became popular in the United States.
|
Country |
Seatbelt usage |
Traffic Fatality Rates |
|
United States |
75% |
15 per 100,000 |
|
Great Britain |
90% |
6 per 100,000 |
|
Germany |
90% |
9 per 100,000 |
In his 1922 autobiography My Life and Work, Ford recalled saying the following about his game-changing vehicle:
“I will build a car for the great multitude. It will be large enough for the family, but small enough for the individual to run and care for. It will be constructed of the best materials, by the best men to be hired, after the simplest designs that modern engineering can devise. But it will be so low in price that no man making a good salary will be unable to own one—and enjoy with his family the blessing of hours of pleasure in God's great open spaces.”
When cars first became popular, few people worried about automobile safety. Consumers were so excited about being able to travel and the dramatic improvements and changes it made in their lifestyles that safety concerns were an afterthought. In the late 1960s, a few experts recognized the safety issues and pushed for consumer awareness and government legislation. These efforts paid off. Over time, seatbelts have become so culturally embedded that, for most people, putting on a seatbelt is now practically a reflex. The use of metrics to encourage the use of seatbelts was key to achieving this objective, as described next.
Seatbelts originally were not intended as a means of providing safety in an emergency accident scenario. Rather, they were built into automobiles and airplanes for the purpose of keeping the passenger inside the vehicle. The automobile industry in the 1960s did not want to focus much attention on seatbelts because they did not want the public to fear driving. Traffic-related government funding was invested mostly in studying disposal of scrapped cars, and only a very small percentage was dedicated to highway safety.
-Abstract from ‘Security Metrics: A Beginner’s Guide’ by Caroline Wong, CISSP
(Credits and Reference)
Comments