Security metrics can be useful in in many ways; they can be used to prove ROI to the C-suite, to assess your security strategy’s effectiveness, and to stop attacks before they happen.
Of course, you can only benefit from your security metrics if you sift through the massive amount of data and find the important security metrics – the metrics that matter.
4 important security metrics
If you are overwhelmed by your metrics to the point of being passive about them, you are not alone. An April 2014 survey of nearly 600 IT and security professional conducted by the Ponemon Institute found that 8 out of 10 respondents believe that it is important to have metrics that are aligned with business goals. But, only 43% said the metrics that are actually used today do little to convey the true state of security in an organization while 11% said they were unsure how effective their metrics were.
If you are unsure of where to start when it comes to metrics, here are 4 important security metrics to watch:
1. Percentage of security incidents detected by an automated control
This is a good metric to watch for two major reasons:
- First, by watching and analyzing this metric you learn about how incidents are detected. This information can help you determine weak spots in your system and fix them.
- Second, knowing how effective your automation is allows you to push the c-suite for new tech or new employees to help fix the weak spots.
2. False-positive reporting
Another way to detect the effectiveness of your automation system is to track the false-positive reporting rate. If your automation is reporting a high number of false-positive attacks, you could be wasting your team’s precious time and resources. Often, the problem can be fixed by tuning your system. You can take training on how to fine tune your automation and/or use what you learned by studying how the system correctly spots attacks.
3. Windows of exposure
While it is important to determine vulnerabilities, it is just as important to address them. A window of exposure is how many days an application remains vulnerable to known threats. Ideally, this number should be as close to zero as possible. As soon you find a vulnerability, you should begin working to fix it.
4. Duration of attack
So someone took advantage of a window of exposure. Hopefully, the duration of the attack was short because you spotted it and moved fast. Your whole team needs to know and understand this number so they can determine ways to improve vulnerability mitigation and incident response.
To prevent yourself from passively looking at metrics, when you look at the above metrics, and other metrics you have deemed important, ask yourself “what will I do now that I see this metric?”
How are you using your security metrics?