Importance of Data/Information Security – A Biggest Asset
Data is “raw facts and figures”, whereas information is “processed data”. Data is the biggest asset for every organisation, hence its security is one of the most important aspects for them.
Security Metrics
Metrics are required to better understand your data.
Security professionals have developed various security metrics to achieve this objective, such as:
- Risk Metrics
- Security Vulnerability and incident statistics
- Annual Loss Expectancy
- Return on Investment
- Total Cost of Ownership.
Although these metrics are accepted by various industries, they still have some disadvantages, such as unreliable data processing. Industries are still looking for good security metrics to fulfil their requirements.
Industries Experience
Industries like insurance, manufacturing and design teach us the importance of data and its security.
Insurance – Teaches us how important it is to collect, understand, and analyse data accurately and precisely, and its impact on our security metrics and other risk management exercises.
Manufacturing – Measurable and controlled processes always yield more positive results in terms of security.
Design – Successful security measurement programmes help to understand people as well as technology. [72]
Challenges
Challenges involved with these metrics are:
- Risk
- Cost
- Time
- People
- Measurement
Develop your own Metric
A successful metric programme will always consider the importance of qualitative data, security as a business process, and the importance of the people involved in the security process. Software engineering teaches us GQM (the Goal Question Metric method), one of the methods for developing our own metrics. It is a simple three-step process for developing a security metric. The first step is defining specific goals that the organisation expects to achieve. This will help the organisation to understand its business needs. The second step is to convert the goals into well-formed questions, e.g. “How to achieve those goals?” After that, the goal can be addressed at the data level and metrics can be assigned.
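The three GQM steps applied to one security goal, as an added example that is not part of the original article. The goal, the questions, the finding records, the reporting date and the 14-day target are all constructed for illustration.

```python
from datetime import date
from statistics import mean
# Constructed sample data: (severity, date found, date fixed or None if open).
FINDINGS = [
    ("critical", date(2024, 1, 3), date(2024, 1, 10)),
    ("critical", date(2024, 1, 15), date(2024, 2, 20)),
    ("high", date(2024, 1, 20), date(2024, 2, 1)),
    ("critical", date(2024, 2, 5), None),
    ("critical", date(2024, 2, 10), date(2024, 2, 18)),
]
AS_OF = date(2024, 3, 1)  # assumed reporting date
SLA_DAYS = 14             # assumed remediation target

def critical_ages(findings):
    """(age in days, is_closed) per critical finding; open ones age to AS_OF."""
    return [(((fixed or AS_OF) - found).days, fixed is not None)
            for sev, found, fixed in findings if sev == "critical"]

def mean_days_to_fix(findings):
    closed = [age for age, is_closed in critical_ages(findings) if is_closed]
    return mean(closed) if closed else None

def pct_within_sla(findings):
    ages = critical_ages(findings)
    hits = sum(age <= SLA_DAYS for age, _ in ages)
    return round(100 * hits / len(ages), 1) if ages else None

def open_overdue(findings):
    return sum(not c and a > SLA_DAYS for a, c in critical_ages(findings))

# Step 1: the goal. Step 2: questions derived from it. Step 3: metrics per question.
GQM = {
    "goal": "Fix critical vulnerabilities within 14 days",
    "questions": {
        "How quickly are critical findings fixed?":
            {"mean_days_to_fix": mean_days_to_fix},
        "How often is the target met?":
            {"pct_within_sla": pct_within_sla, "open_overdue": open_overdue},
    },
}

def evaluate(gqm, findings):
    """Answer each question with the current value of its metrics."""
    return {q: {name: fn(findings) for name, fn in metrics.items()}
            for q, metrics in gqm["questions"].items()}

if __name__ == "__main__":
    for question, values in evaluate(GQM, FINDINGS).items():
        print(question, values)
```

Open findings are aged to the reporting date, so an unfixed critical issue lowers the SLA percentage instead of dropping out of the numbers.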
In conclusion, the better your metric programme, the better the outcomes will be.
Authored By –
Dr. Rama Bhatia Singh – School of Engineering and Technology (MDIS Singapore)
Great share about security metrics. Unfortunately, most small companies ignore IT security at the early stages of their business. They manage to get by. When they get bigger, they continue to convince themselves that they have been unharmed in past years and continue to be complacent. Usually, a bad and expensive incident will shake them and they will start to take it seriously. Your article has triggered my thought process about how we can adopt this metric approach to help smaller businesses to start taking IT security at the early stage of their business.