Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
Image: Adobe Stock
Security metrics are one of the key pillars of establishing a mature cybersecurity program. We’ve spilled a lot of digital ink over the years at Dark Reading discussing some of the top security metrics that organizations should consider collecting and analyzing. But are all security metrics good ones? According to Caroline Wong, security initiative director at Cigital, the short answer is, ‘Nope!’ She’s seen organizations waste resources on measuring things that don’t really matter to the business and do nothing to help drive improvement.
“I've really been doing security metrics for about ten years, so I've had more time to think about stuff,” she says. “And one of the things that I've realized is that there are some metrics which organizations track that I really just don't think are useful.”
Caroline gave us the lowdown on metrics effectiveness. She started by offering some key sniff tests for determining if your metric is a stinker. Then she offered up some examples of ineffective metrics, as well as alternatives that will better help move the needle for security.
Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading. View Full Bio
Everything You Need to Know About DNS AttacksIt's important to understand DNS, potential attacks against it, and the tools and techniques required to defend DNS infrastructure. This report answers all the questions you were afraid to ask.
Domain Name Service (DNS) is a critical part of any organization's digital infrastructure, but it's also one of the least understood. DNS is designed to be invisible to business professionals, IT stakeholders, and many security professionals, but DNS's threat surface is large and widely targeted.
Attackers are causing a great deal of damage with an array of attacks such as denial of service, DNS cache poisoning, DNS hijackin, DNS tunneling, and DNS dangling. They are using DNS infrastructure to take control of inbound and outbound communications and preventing users from accessing the applications they are looking for. To stop attacks on DNS, security teams need to shore up the organization's security hygiene around DNS infrastructure, implement controls such as DNSSEC, and monitor DNS traffic
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Tweet This
1 Comments
