How Do You Know if You’ve Got Enough Security?

Companies, the government and even individuals are using technology to achieve security. But now, experts are asking: Can you truly be secure if you don’t measure it?

In an article on the Government Computer News website, writer William Jackson says that question was a key theme last week at the Federal Information Assurance Conference at the University of Maryland. Jackson says the experts at the event were clear that achieving security is more than just getting the right technology: You need to have a set of metrics to tell you how close you are to reaching your goals.

“You get what you measure,” Postal Service IT governance manager James L. Golden told the conference. Jackson says the USPS uses 130 metrics to track its daily, weekly and monthly security posture.

Jackson says USPS has been aggressively tracking its security posture for about 18 months. In that time, it has upgraded all its Windows XP workstations to Service Pack 2, he reports.

“The service is running at about 80 percent on daily updates of antivirus signatures for desktops and more than 80 percent for properly configured personal firewalls. In September, it reached 100 percent on its goal of three-day data backups for its servers,” Jackson reports.

To read the full article, click here: http://www.gcn.com/online/vol1_no1/42400-1.html?topic=project-management