Dark Reading is part of the Informa Tech Division of Informa PLC


9/19/2019
07:00 AM
Ericka Chickowski

The 20 Worst Metrics in Cybersecurity

Security leaders are increasingly making their case through metrics, as well they should - as long as they're not one of these.


Shock And Awe Metrics

Shock and awe volume metrics do exactly what they say. For example: There are 23,456 unpatched vulnerabilities. But that number has no context or risk consideration by itself.

Says Brian Wrozek, CISO at Optiv: "Is this figure good or bad, normal or shocking, rising or falling? Are the vulnerabilities old or new? Are the vulnerabilities on high- or low-value assets? Are there many vulnerabilities on a few assets or a few vulnerabilities on many assets? All of those contextual signs matter. Unfortunately, context is left out of a lot of the eye-popping security statistics we see."

(Image: tostphoto via Adobe Stock)
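The questions Wrozek raises can be answered from the same findings list that produces the raw count. The sketch below is an added example, not part of the original article: the findings are constructed, and the field layout, the two asset tiers and the 90-day cutoff for "old" are assumptions.

```python
from collections import Counter
from datetime import date

# Constructed sample findings (not real scan data): (asset, asset tier, first seen).
FINDINGS = [
    ("db-01", "high", date(2019, 1, 10)),
    ("db-01", "high", date(2019, 2, 3)),
    ("db-01", "high", date(2019, 9, 1)),
    ("db-01", "high", date(2019, 3, 15)),
    ("db-01", "high", date(2019, 8, 20)),
    ("web-02", "high", date(2019, 9, 10)),
    ("kiosk-07", "low", date(2018, 11, 30)),
    ("kiosk-07", "low", date(2019, 9, 5)),
    ("lab-03", "low", date(2019, 7, 1)),
    ("lab-04", "low", date(2019, 4, 22)),
]

def contextualize(findings, today, prior_count, old_after_days=90):
    """Turn a raw unpatched-vulnerability count into the context around it."""
    total = len(findings)
    is_old = lambda seen: (today - seen).days > old_after_days  # assumed cutoff
    old = sum(1 for _, _, seen in findings if is_old(seen))
    by_tier = Counter(tier for _, tier, _ in findings)
    old_on_high = sum(1 for _, tier, seen in findings
                      if tier == "high" and is_old(seen))
    per_asset = Counter(asset for asset, _, _ in findings)

    # Concentration: the fewest assets that together hold half of all findings.
    # An empty findings list leaves this at 0.
    running = assets_for_half = 0
    for _, count in per_asset.most_common():
        running += count
        assets_for_half += 1
        if running * 2 >= total:
            break

    return {
        "total": total,                           # the "shock and awe" number
        "change_vs_prior": total - prior_count,   # rising or falling?
        "old": old, "new": total - old,           # old or new?
        "by_tier": dict(by_tier),                 # high- or low-value assets?
        "old_on_high_value": old_on_high,
        "assets_affected": len(per_asset),        # many assets or few?
        "assets_holding_half": assets_for_half,
    }

if __name__ == "__main__":
    report = contextualize(FINDINGS, today=date(2019, 9, 19), prior_count=12)
    for key, value in report.items():
        print(f"{key}: {value}")
```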

Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading.