Security Metrics Consortium Formed | eWeek

Security Metrics Consortium Formed

Écrit par
Mark Hachman
Mark Hachman
Feb 25, 2004
2 minute read
eWeek Le contenu et les recommandations de produits sont indépendants de la rédaction. Nous pouvons gagner de l'argent lorsque vous cliquez sur des liens vers nos partenaires. En savoir plus

SAN FRANCISCO—A collection of chief information security officers have formed an independent think tank to develop quantitative metrics for network security.

The Security Metrics Consortium, or SecMet, hopes to remove some of the fuzziness that quantitative assessments of a companys security preparedness can offer. Attaching numbers to a networks security will help a chief information security officers counterpart in the finance department assess whether the companys security strategy is working, members of the group said Tuesday.

By this summer, the group hopes to establish a framework for a quantifiable security metrics that SecMet can roll out at a later date, possibly by the end of the year. William Boni, chief information security officer for Motorola Inc., will head SecMet as chairman, with Patrick Heim, vice president of Internet security at McKesson Corp., serving as vice chairman.

The challenge will be to deliver a baseline quantitative security metric for management to assess, Boni said at a press conference here at the RSA Conference. Qualitative assessments of security are much more common, basing their analysis on surveys. “Were going to leverage something were doing anyway,” Boni said.

Ray Wagner, a security analyst for Gartner Inc., said Tuesday that companies are expected to spend about 5 percent of their 2004 IT budgets on security.

Currently, SecMet includes representatives from Macromedia Inc., AmSouth Bank, Amgen and Foundstone Inc. However, the group will be vendor-neutral, and Boni said he believes the consortium will serve as more of a think tank than regulatory agency. SecMet is currently recruiting members, and interested parties can sign up at the SecMet web site.

Stuart McClure, president and chief technology officer of Foundstone, said the consortium will take a “vulnerability-centric” approach to assessing network security. Examples of what the framework could measure include the duration and penetration of viruses on a network, as well as the number of physical devices that are attached to a network, he said.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Propriété de TechnologyAdvice. © 2026 TechnologyAdvice. Tous droits réservés

Divulgation publicitaire : Certains des produits qui apparaissent sur ce site proviennent d'entreprises dont TechnologyAdvice reçoit une compensation. Cette compensation peut influencer la façon dont les produits apparaissent sur ce site, notamment l'ordre dans lequel ils apparaissent. TechnologyAdvice n'inclut pas toutes les entreprises ou tous les types de produits disponibles sur le marché.