5/17/2016
04:40 PM
Dark Reading
Products and Releases

Security By The Numbers Launches IT Security Measurement Index and Collaborative Group

Online resource behind benchmark survey promises to help companies measure the effectiveness of cybersecurity and share best practices

WASHINGTON, DC – MAY 12, 2016 – How well are you able to measure your cyber security efforts compared to those of your colleagues? That’s the question a new organization of security professionals hopes to answer through a collaborative website at www.securityBTN.org. Composed of forward-thinking IT security professionals and businesses, Security by the Numbers has introduced its first benchmark survey, called the Security Measurement Index (SMI). A free online survey, the SMI allows participants to track and define how well their organization is measuring the effectiveness of its IT security, and to compare their answers with those of other survey participants.

Information security professionals can take the free survey in about 15 minutes by visiting www.securitybtin.org/survey. Participants get an immediate grade (A through F) upon completing the survey, along with a follow-up email that includes a report on how their answers compare with those of colleagues who have taken the survey.

Based on ISO 27000 international standards and input from an advisory board of security professionals, the Security Measurement Index provides:

  • An easy to understand benchmarking tool for judging how your organization’s security measurement practices compare to those at other companies
  • A global assessment of IT security measurements from a business management perspective
  • A basis for developing security measurement best practices to help make cyber security more effective and efficient.

“By participating in the survey, members are offered a simple benchmarking tool for assessing how their organization’s security measurement practices compare to those at other companies,” said Mark Carney, Advisory Council Member at Security by the Numbers and CISO at FireMon. “With this survey, Security by the Numbers hopes to encourage the adoption of security management industry frameworks and in turn generate meaningful metrics back to the international security community.”

In addition to its SMI survey, the Security by the Numbers website provides an online resource that helps promote the use of better metrics to improve the performance and best practices of information security in enterprises worldwide. In the coming year, Security by the Numbers intends to enlist security professionals in discussions that cut through the clutter of messages around cyber security to clearly see professional priorities, and to measure company practices in comparison to peers.

“There’s a lot of complicated advice around measures for IT security,” said Steve Kahan, president at Security by the Numbers and CMO of Thycotic. “Security by The Numbers is a collaborative online forum for simple, practical, real-world metrics on what companies are actually doing to measure IT security. With Security by the Numbers, companies can now get a reality check with accurate benchmarks to see how their practices measure up against their peers.”

Security by The Numbers’ mission is to establish and promote IT security metrics, standards and practices that empower IT security professionals to identify and execute the most impactful strategies for protecting their organizations from cyber-attacks before they strike vital systems and compromise sensitive data. Security by the Numbers offers member benefits and services that include:

  • Global Research and Comparative Benchmarks: to identify the latest metrics and help IT security professionals understand where they stand vs. their peers
  • Education and Best Practice Reports: to help IT security professionals advance their careers by understanding the latest IT security measurements as well as playbooks for improvement
  • Collaboration: peer networking tools, forums, teleconferences, online meetings and more

To learn more about Security by the Numbers, visit www.Securitybtn.org; to participate in the Security Measurement Index, visit www.securitybtn.org/survey.

About Security by the Numbers

Established in 2016, Security by the Numbers is a unique organization for IT professionals and business executives designed to facilitate collaboration and prioritization of key cyber security issues. The organization’s mission is to establish and promote IT security metrics, standards and practices that empower IT security professionals to identify and execute the most impactful strategies for protecting their organizations from cyber-attacks before they strike vital systems and compromise sensitive data. For more information, please visit www.Securitybtn.org.

 

For further information, please contact:
Steve Kahan
Security by the Numbers
T: 202-802-9399
E: [email protected]
