Board setting up site for security

Security Metrics Workshop

While Congress is releasing grades on agencies' security posture, another

organization is working to provide a central resource on ways that agencies

can do their own grading.

The Computer System Security and Privacy Advisory Board decided on Thursday

to develop a Web site compiling security metrics from the public and private

sector. The board is a joint government/industry group that advises officials

including the secretary of the Commerce Department and members of Congress.

The project follows up on a workshop the board held in June that highlighted

the wide range of ongoing security metrics efforts.

Almost every agency is trying to come up with some way to measure the

effectiveness of their security, and by providing all of the work that has

already been done in an easy-to-access format, the board could help reduce

duplication of effort, said board member John Sabo, director of security,

privacy and trust at Computer Associates Inc.

"The board could become a resource for people by categorizing the work

that's out there," he said.

The site also could serve as an educational resource on the different

types of metrics, including a fairly new approach of measuring not how many

attacks a security system repels but instead how having or not having security

affects users.

Several metrics have shown that the lack of security leads to low confidence

and trust in a system or application, a situation that can make a difference

when citizens are already leery of government, said Karen Worstell, vice

president of consulting company Atomic Tangerine Inc.


  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.