One Article Review
| Source |  NoticeBored |
|---|---|
| Identifiant | 4575064 |
| Date de publication | 2022-05-11 10:30:05 (vue: 2022-05-10 23:05:31) |
| Titre | How many metrics? |
| Texte | While perusing yet another promotional, commercially-sponsored survey today, something caught my beady eye. According to the report, "On average, organizations track four to five metrics". Four to five [cybersecurity] metrics?!! Really? Oh boy.Given the importance, complexities and breadth of cybersecurity, how on Earth can anyone sensibly manage it with just four to five metrics? It beggars belief, particularly as the report indicates that three quarters of the 1,200 surveyed companies had at least a $billion in revenue, and more than half of them have at least 10,000 employees. With a total cybersecurity expenditure of $125billion (around 80% of the total global estimate), these were large corporations, not tiddlers.The report indicates the corresponding survey question was "Q30. Which of the following cybersecurity metrics does your organization track, and which metrics are the most important?". Well OK, that's two questions in one, and 'the following cybersecurity metrics' are not stated.Having been quietly contemplating that one remarkable, counter-intuitive finding for about an hour, I've thought up a bunch of potential explanations so far:The four to five cybersecurity metrics are just those considered 'key' by the CISOs and other senior people surveyed.The four to five are just the respondents' choices from the 16 metrics presumably offered in the question (we aren't told what metrics were offered in the question, but there are 16 listed in the report).Cybersecurity is not being managed sensibly.Cybersecurity is not being managed.Cybersecurity is not what I think it is - a neologism for IT security or more specifically Internet security protecting against deliberate, malicious attacks by third parties. CISOs and the like haven't got a clue what they are doing.Most CISOs and the like chose not to answer the question (of the 1,200 companies surveyed, we aren't told how many respondents answered this or indeed any other question: perhaps they were getting bored by question 30 of an unknown total).CISOs and the like simply lied, for some reason, or their responses were inaccurately/ineptly recorded.The word 'track' in the question strongly implies that the four to five metrics are measured and reported regularly, showing trends over time. Other metrics that are not 'tracked' in this way were not noted.The survey was ineptly designed, conducted, analysed and/or reported.The survey was non-scientific, biased towards the interests of the commercial sponsors (who, presumably, offer 'solutions' measured by the chosen metrics ...).The survey company is |
| Envoyé | Oui |
| Condensat | $125billion $billion four oh move perhaps 000 200 about according against along analysed and/or another answer answered any anyone are aren around attacks average back beady been beggars being belief between biased blatantly blog: bored boy breadth bunch but can caught choices choose chose chosen circulating cisos clue commercial commercially companies company complained complexities conducted considered contemplating context corporations corresponding count counter credibility cybersecurity deliberate designed discount does doing drawn earth eight emphasis employees error: estimate exercise expenditure explanations eye far far:the find finding five following forty four from getting given global got had half happy hard have haven having head hence here hour how implies importance important inaccurately/ineptly indeed indicates ineptly inexorably integrity interests internet intuitive just key lacks large least lied like link list listed malicious manage managed many marketing maybe mean measured merely metrics misinformation misinterpreting mislead mistaken: more most much need neologism non not noted nothing offer offered one organization organizations other out over particularly parties patently people perhaps perusing phrase possibilities possible potential presumably previously promotional properly protecting provide putting q30 quarters question question: questions quietly readjust really reason recorded refuse regularly remainder remarkable report reported respondents responses revenue ridiculous scientific security see senior sensibly seriously showing simply solutions some something source specifically sponsored sponsors stated strongly study survey surveyed suspect taken than that them these think thinking third those thought three tiddlers time today told too total totally towards track tracked tracking transcription trends two understand unknown untrustworthy valid way well what which who word words worth yet your yours |
| Tags | Guideline |
| Stories | |
| Notes | ★★★ |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.