Security Metrics Consortium Formed
A group of chief information security officers have formed an independent think tank to develop quantitative metrics for network security.
SAN FRANCISCO - A collection of chief information security officers have formed an independent think tank to develop quantitative metrics for network security. The Security Metrics Consortium, or SecMet, hopes to remove some of the fuzziness that quantitative assessments of a company's security preparedness can offer. Attaching numbers to a network's security will help a chief information security officer's counterpart in the finance department assess whether the company's security strategy is working, members of the group said Tuesday. By this summer, the group hopes to establish a framework for quantifiable security metrics that SecMet can roll out at a later date, possibly by the end of the year. William Boni, chief information security officer for Motorola Inc., will head SecMet as chairman, with Patrick Heim, vice president of Internet security at McKesson Corp., serving as vice chairman.
The challenge will be to deliver a baseline quantitative security metric for management to assess, Boni said at a press conference here at the RSA Conference. Qualitative assessments of security are much more common, basing their analysis on surveys. "We're going to leverage something we're doing anyway," Boni said.