Welcome to NBlog, the NoticeBored blog

I may meander but I'm 'exploring', not lost

Oct 2, 2012

PRAGMATIC Security Metric of the Quarter #2

PRAGMATIC Security Metric of the Second Quarter

It has been a good quarter in the sense that several of the example metrics we have discussed have scored substantially higher than our first Security Metric of the Quarter, Discrepancies between physical location and logical access location.   


With the highest PRAGMATIC score of all the metrics we have reviewed in the past three months, we are proud to announce that our second Security Metric of the Quarter is ...

... <cue annoying drum roll to cover embarrassing pause while we fumble with the envelope> ...
 




Congratulations, please walk elegantly to the stage to receive your glittering prize from our scantily-clad presenter and her vaguely amusing side-kick.

Aside from BCM maturity, the HR security maturity metric came a very close second, achieving almost exactly the same score.  They are both 'maturity metrics', of course.  The maturity scoring approach is a particularly flexible and useful way of measuring subjective matters in an objective and repeatable manner.


These are the security metrics we have discussed and scored during the quarter, in the context of the imaginary company Acme Inc.  Click their names to remind yourself what the panel thought of them:



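| Example metric | P | R | A | G | M | A | T | I | C | Score |
|---|---|---|---|---|---|---|---|---|---|---|
| BCM maturity | 90 | 95 | 70 | 80 | 90 | 85 | 90 | 87 | 90 | 86% |
| HR security maturity | 90 | 95 | 70 | 80 | 90 | 85 | 90 | 85 | 90 | 86% |
| Traceability | 85 | 89 | 88 | 90 | 91 | 87 | 65 | 84 | 85 | 85% |
| Awareness level | 86 | 89 | 86 | 82 | 85 | 80 | 69 | 48 | 75 | 78% |
| Uptime | 84 | 97 | 66 | 78 | 94 | 61 | 79 | 47 | 89 | 77% |
| Audit findings | 79 | 89 | 87 | 96 | 92 | 84 | 30 | 96 | 36 | 77% |
| Employee churn | 60 | 66 | 20 | 85 | 60 | 80 | 75 | 80 | 91 | 69% |
| Security spending | 82 | 94 | 60 | 60 | 89 | 29 | 33 | 49 | 59 | 62% |
| IRR | 69 | 72 | 25 | 30 | 82 | 50 | 44 | 60 | 88 | 58% |
| Policy compliance | 55 | 64 | 75 | 50 | 68 | 34 | 59 | 76 | 33 | 57% |
| Unclassified assets | 52 | 53 | 63 | 44 | 62 | 13 | 17 | 87 | 44 | 48% |
| Systems compliance | 48 | 26 | 36 | 41 | 56 | 13 | 19 | 46 | 12 | 33% |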