Security Metrics: What is a "Metric"?
In this blog series on SecurityWeek, Tenable CSO Marcus Ranum advises security professionals on how they can create and share metrics in their jobs. These metrics can create better understanding and awareness about the success of their approaches, as well as allow them to build support for programs and funding requests.
There are many important and useful tools related to the metrics landscape; let's take a look at some of them and how they fit together. For the sake of this discussion, I'll stick with the definition of “metrics” that I offered previously:
A metric is some data and an algorithm for reducing and presenting it to tell a story.
Different metrics tools such as statistics, benchmarks and heuristics each have their place in our intellectual landscape, but the underlying principle behind all of them is rooted in The Scientific Method. The method of science is one of humanity's great inventions for controlling and understanding the world around us. The way science works, you attempt to gain understanding of something by hypothesizing some kind of cause/effect relationship in that thing, then hypothesizing how a change in that cause's inputs will affect the outputs. After you've done that, you alter some of the inputs in an experimental set, while leaving another set – the control set – unaltered, and see if the results of the change support or destroy your hypothesis.
Related Articles
Tenable Cloud Security To Help Fed Agencies Tackle Cloud Challenges as It Nears FedRAMP Authorization
July 31, 2024As federal agencies adopt a cloud-first policy, they face unique challenges in securing cloud infrastructure. Learn how Tenable Cloud Security, which is now FedRAMP "In Process," can help.
Tenable Customer Update about CrowdStrike Incident
July 19, 2024Please read this important customer update about CrowdStrike's recent incident.
Tenable Announces Former Senior Administration Officials to Inaugural Public Sector Advisory Board
July 18, 2024Rob Joyce and Mark Weatherford will help Tenable shape federal cyber and AI policy
Cybersecurity Snapshot: Prompt Injection and Data Disclosure Top OWASP’s List of Cyber Risks for GenAI LLM Apps
November 22, 2024Don’t miss OWASP’s update to its “Top 10 Risks for LLMs” list. Plus, the ranking of the most harmful software weaknesses is out. Meanwhile, critical infrastructure orgs have a new framework for using AI securely. And get the latest on the BianLian ransomware gang and on the challenges of protecting water and transportation systems against cyberattacks.
Active Directory Under Attack: Five Eyes Guidance Targets Crucial Security Gaps
November 21, 2024A landmark global report from cybersecurity agencies emphasizes 17 attack techniques against Microsoft Active Directory and cautions organizations to step up protections. In the first of our two-part series, we offer five steps you can take today to shore up your AD defenses.
Five Cyber Agencies Sound Alarm About Active Directory Attacks: Beyond the Basics
November 21, 2024A landmark global report emphasizes 17 attack techniques against Microsoft Active Directory and cautions organizations to step up protections. In the second of our two-part series, we take you beyond the basics to highlight three key areas to focus on.
- Announcements
- Metrics