Wise men say: If you cannot measure, you cannot improve.

Take anti-virus metrics, for example. If the number of viruses detected last month was 20,000 and this month it is 30,000, should management celebrate the effectiveness of their anti-virus software and leave it at that?

An increased number of detections can be a good thing: the anti-virus caught more viruses. At the same time it could be a bad thing, because it could indicate that the email spam (and/or virus) filtering in front of the endpoints has become less effective as attacks grow more sophisticated, or that many systems were left unpatched against a recent vulnerability and are now being hit repeatedly.

A percentage increase or decrease in the raw count does not mean much unless you take a holistic view of the whole security picture: what the count is measured against (hosts, inbound mail, patch status) matters as much as the count itself. The trick is getting out of the trap of numbers.
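To show how the same 50% rise can tell two different stories, here is a small added example (not code from the original post, and not tied to any specific product). It puts the detection count next to a few other constructed monthly figures, the number of monitored endpoints, the inbound mail volume that reached users, and the number of hosts missing a patch for an exploited vulnerability, and reports the normalised rates alongside the raw change. The numbers and the `MonthlyStats` fields are assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass
class MonthlyStats:
    """One month of constructed figures (illustrative assumptions, not real data)."""
    detections: int        # malware detections reported by the anti-virus
    endpoints: int         # hosts the anti-virus is deployed on
    inbound_messages: int  # mail that passed the gateway filter and reached users
    unpatched_hosts: int   # hosts still missing a patch for an exploited vulnerability


def percent_change(before: float, after: float) -> float:
    """Relative change from `before` to `after`, in percent (before must be non-zero)."""
    return (after - before) / before * 100.0


def detections_per_1000_messages(s: MonthlyStats) -> float:
    """Detections normalised by inbound mail volume: rises if the gateway lets more through."""
    return s.detections / s.inbound_messages * 1000.0


def detections_per_endpoint(s: MonthlyStats) -> float:
    """Detections normalised by fleet size: rises if the same hosts get hit more often."""
    return s.detections / s.endpoints


def interpret(prev: MonthlyStats, cur: MonthlyStats) -> dict:
    """Return the raw change next to the normalised changes so the count has context.

    The flags are simple heuristics for the two explanations the post raises:
    a weaker gateway (more detections per message reaching users) and a lagging
    patch programme (unpatched hosts growing faster than detections).
    """
    raw = percent_change(prev.detections, cur.detections)
    per_msg = percent_change(detections_per_1000_messages(prev),
                             detections_per_1000_messages(cur))
    per_host = percent_change(detections_per_endpoint(prev),
                              detections_per_endpoint(cur))
    unpatched = percent_change(prev.unpatched_hosts, cur.unpatched_hosts)
    return {
        "raw_detections_pct": round(raw, 2),
        "per_1000_messages_pct": round(per_msg, 2),
        "per_endpoint_pct": round(per_host, 2),
        "unpatched_hosts_pct": round(unpatched, 2),
        # Gateway suspect only if the per-message rate went up, not merely the count.
        "gateway_weaker_suspected": per_msg > 0,
        # Patching suspect if the unpatched population grew faster than detections did.
        "patching_lag_suspected": unpatched > raw,
    }


# Constructed sample: the post's 20,000 -> 30,000 detections, with context added.
LAST_MONTH = MonthlyStats(detections=20_000, endpoints=10_000,
                          inbound_messages=4_000_000, unpatched_hosts=300)
THIS_MONTH = MonthlyStats(detections=30_000, endpoints=10_000,
                          inbound_messages=8_000_000, unpatched_hosts=1_200)

if __name__ == "__main__":
    for key, value in interpret(LAST_MONTH, THIS_MONTH).items():
        print(f"{key:28} {value}")
```

With these constructed figures the raw count is up 50%, but detections per thousand messages reaching users actually fell by 25% (mail volume doubled), while the unpatched population quadrupled; the same headline number points at patching rather than at the gateway. Swap in real monthly counters from the AV console, mail gateway and patch system and the function gives a reviewer something to argue about beyond the bare count.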