Board setting up site for security
- By Diane Frank
- Sep 15, 2000
While Congress is releasing grades on agencies' security posture, another
organization is working to provide a central resource on ways that agencies
can do their own grading.
The Computer System Security and Privacy Advisory Board decided on Thursday
to develop a Web site compiling security metrics from the public and private
sectors. The board is a joint government/industry group that advises officials
including the secretary of the Commerce Department and members of Congress.
The project follows up on a workshop the board held in June that highlighted
the wide range of ongoing security metrics efforts.
Almost every agency is trying to come up with some way to measure the
effectiveness of its security, and by providing all of the work that has
already been done in an easy-to-access format, the board could help reduce
duplication of effort, said board member John Sabo, director of security,
privacy and trust at Computer Associates Inc.
"The board could become a resource for people by categorizing the work
that's out there," he said.
The site also could serve as an educational resource on the different
types of metrics, including a fairly new approach of measuring not how many
attacks a security system repels but instead how having or not having security
Several metrics have shown that the lack of security leads to low confidence
and trust in a system or application, a situation that can make a difference
when citizens are already leery of government, said Karen Worstell, vice
president of consulting company Atomic Tangerine Inc.