IT Security Measurement - how well are my IT security dollars being spent ? - IT security budgets tend to represent single digit percentages of the whole IT budget, however with security changing into a larger issue than ever before, however, so I do know that my security bucks are delivering a come?

A stark straightforward reason for a comparatively low fund priority for IT security is that the simple undeniable fact that the huge portion of an IT budget should be committed to maintaining infrastructure and users followed by the development of those same systems to fulfill ever-increasing business demands. IT security has continually fallen a protracted approach down the totem of priorities but the necessity to safeguard IT resources from external and internal threats has caused a shift in approach in recent years. the difficulty becomes however do businesses apprehend what truly generates the most effective come for the dollar pay on security?

Given the abstract nature of IT security, performance will solely be fairly measured in an exceedingly relative fashion by assessing trends and benchmark standards against trade peers. it's one time a memoir of metrics has been established that business will look internally at however well it is defrayal IT security budgets and what the loss expectancy is from threats to the security of the IT infrastructure. to try to implement IT security metrics while not correct management over the method and identification of the KPI's that may comprise the balanced record book will solely contribute to the embarrassment of information being collected, however, do very little for contributive to the business itself. The extremely technical nature of the IT operations and also the even a lot of elaborate space of IT security doesn't lend itself simply to be understood by non-technical managers whereas IT management themselves have usually did not embrace the requirement for a business case for allocating a budget.

It will be essential that associate IT security professional is concerned within the development of the balanced record book and identification of the KPI's that may comprise it along with relative weightings. it's equally essential that a part of the team distinctive and process metrics is ready to grasp the business implications of a security incident to the business in terms of cost. in contrast to a purchase that incorporates a definite worth, however, does one outline an IT security incident for the aim of IT security metrics? over that, however, does one assign a dollar price to such an incident occurring? problems will arise given the fluid nature of the vary of rising threats as wireless and mobile device technology will increase, briefly your metrics can alter frequently, therefore, creating year on year comparisons problematical as like won't be compared with like.

Generally, it's best to stay the KPI's and balanced record book metrics as straightforward as potential and avoid mistreatment too several so as to take care of clarity. Business managers wish to be ready to target the key areas that need their management time, whereas IT advisors can be ready to demonstrate an excusable business case for budgets to reinforce IT security based mostly upon operational business want instead of technical superior skill. Establishing metrics that technical and non-technical managers agree upon and perceive is a superb start line from that to assess IT security performance.

0 Response to "IT Security Measurement - how well are my IT security dollars being spent ?"

Post a Comment

Silakan berikan masukan anda dengan artikel yang saya berikan.