data security, regulatory and privacy management

Compliance, Security, Data Masking, New York, Connecticut, New Jersey, Massachusetts, Rhode Island

GRT provides expert IT Risk Management, Data Security, Data Privacy, Data Masking and Regulatory Compliance consulting services to companies in the United States and around the world.


business intelligence, operational, analytic and business reporting

Business Intelligence, New York, Connecticut, New Jersey, Massachusetts, Rhode Island

GRT assists you in the development, design and implementation of a data warehouse and business intelligence strategy that ensures a common framework across the enterprise.


Information strategy, gap analysis, tactics, design and implementation

Data Warehouse and Business Intelligence Staffing Solutions, New York, Connecticut, New Jersey,  Massachusetts, Rhode Island

GRT is a leader among expert staffing solutions in IT functions associated with Data Security, Business Intelligence and Data Warehouse. We help you meet your information management consulting and staffing needs.


Measuring IT Security

Data breaches seem to have been constantly in the headlines in recent years. This has caused many top-level executives to ask their information security officers: “How safe is our data?” In the rapidly evolving world of cloud computing and data centers, this question, and the ability to monitor and measure security information, has become crucial to the way businesses operate.

Security metrics, when utilized properly, help organizations put better security practices, better training, and better tools where they're needed. Furthermore, when these metrics are presented in a coherent fashion, they can quickly and painlessly show the rest of the board the ROI from good, well-thought-out security procedures.

Writing in InformationWeek's Dark Reading e-zine, Ericka Chickowski examines five of the best practices for measuring the IT security of any business:

“Start with a baseline”

The first step to solid security monitoring is to establish a baseline. Future analysis will be meaningless if you cannot properly define what 'normal' is supposed to look like. A baseline makes it easier to spot any aberrant or anomalous behavior and quickly take action against threats.

“Put the microscope on vulnerabilities and patch management”

The goal here is to reduce the amount of time between a patch release and its deployment, the so-called “patch latency.” Generally, the smaller this number, the more secure a system will be. Reducing it minimizes the amount of time a software vulnerability is open for exploitation, and it is one of the key available security metrics.
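As an added example (not from the original article), the sketch below computes patch latency per severity from a patch inventory and shows why patches that are still undeployed must be counted up to the reporting date. The record layout, host names, patch ids and dates are constructed for illustration.

```python
from datetime import date
from statistics import median

# Constructed sample inventory: (host, patch id, severity, released, deployed or None)
RECORDS = [
    ("web-01", "PATCH-A", "critical", date(2024, 3, 5), date(2024, 3, 8)),
    ("web-02", "PATCH-A", "critical", date(2024, 3, 5), date(2024, 3, 19)),
    ("db-01", "PATCH-A", "critical", date(2024, 3, 5), None),
    ("web-01", "PATCH-B", "moderate", date(2024, 3, 12), date(2024, 3, 26)),
    ("db-01", "PATCH-B", "moderate", date(2024, 3, 12), date(2024, 4, 2)),
]

def patch_latency(records, as_of, include_open=True):
    """Return {severity: {"median_days", "max_days", "open"}} as of a report date.

    A patch not deployed by as_of is "open". With include_open=True its
    exposure is counted up to as_of, so a neglected host raises the metric
    instead of silently dropping out of it.
    """
    by_sev = {}
    for host, patch, sev, released, deployed in records:
        if released > as_of:
            continue  # not yet released at report time
        if deployed is not None and deployed < released:
            raise ValueError(f"{host}/{patch}: deployed before release")
        entry = by_sev.setdefault(sev, {"days": [], "open": []})
        if deployed is None or deployed > as_of:
            entry["open"].append((host, patch))
            if not include_open:
                continue
            end = as_of
        else:
            end = deployed
        entry["days"].append((end - released).days)
    return {
        sev: {
            "median_days": median(e["days"]) if e["days"] else None,
            "max_days": max(e["days"]) if e["days"] else None,
            "open": e["open"],
        }
        for sev, e in by_sev.items()
    }

if __name__ == "__main__":
    for sev, m in patch_latency(RECORDS, date(2024, 4, 4)).items():
        print(sev, m)
```

On this sample, leaving out the one open critical patch lowers the critical median from 14 days to 8.5, which makes the environment look better than it is.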

“Keep better track of incident response performance”

Much of the work should really be about risk mitigation, rather than risk prevention. Understanding that there is no magic bullet that will keep all the bad guys out of the system is crucial to lowering the risk of a critical data breach. This means focusing on tracking and monitoring incident response practices instead of sticking heads in the sand.

“Keep tabs on access control”

One of the best ways to measure IT security is to ensure a solid understanding of how users access a system, and to keep tight control of what they do with the information. Keeping tabs on the identity of those accessing the system and what they do with the information can be crucial to minimizing the risks associated with user behavior.

“Measure with an eye toward ROI”

Many of these metrics can be used as KPIs to illustrate how risk postures are either improving or deteriorating. However, these alone will not prove the cost-benefit to the business as a whole. They need to be put into context.

Overall, though, no matter what metrics are used, experts “consistently recommend that they are measured more often.” Annual reviews hamper incremental change, and in the fast-moving world of IT security this is something that needs to change.