Doug Bedell — September 28, 2009, 10:27 am

Security Indicators Well Worth Tracking

In larger companies, how does management know that business units are taking security concerns seriously?

George Campbell’s Metrics for Success column in the September Security Technology Executive magazine provides some handy indicators for security managers to use. He suggests tracking them both on a Never, Occasionally, Frequently and Trending Up or Down basis:

• Business units ignore or decline recommendations for improved security.

• They fail to address repeated security violations.

• They hire personnel with adverse background findings.

• They engage in risky outside business relationships after Security has issued an adverse due dillegence report.

• There are notable audit findings with regard to security deficiencies in critical business operations.

• Business units show little ownership or accountability for security in their operations.

As ever, uptrends can be worrisome.

No Comments »

RSS feed for Comments on this post. TrackBack URI.

No comments yet.

Leave a comment

Plain text comments only.