Importance of Data/Information Security – A Biggest Asset

Importance of Data/Information Security – A Biggest Asset

Data is “Raw Facts and figures” whereas Information is “Processed Data”. Data is the biggest asset for every organisation, hence its security is one of most important and aspect for them.

Security Metrics

Metrics are required to better understand your data.

Various Security Metrics are developed by security professionals to achieve the objective such as:

• Risk Metrices
• Security Vulnerability and incident statistics
• Annual Loss Expectancy
• Return on Investment
• Total Cost of Ownership.

Although these metrices are accepted by various industries, still these metrices hold some disadvantages such as unreliable data processing. Industries are still looking for some good security metrices to fulfill their requirements.

Industries Experience

Industries like insurance, manufacturing and design teach us the importance of data and its security.

Insurance– Teaches us how important it is to collect, understand, and analyse data accurately and precisely, and their impact on our security metrics and other risk management exercises.

Manufacturing- Measurable and controlled processes always yield more positive results in terms of security.

Design- Successful measurement security programmes help to understand people as well as technology.[NS1] [72] 

Challenges

Challenges involved with these metrics are:

• Risk
• Cost
• Time
• People
• Measurement

Develop your own Metric

A successful metric programme will always look at how important the qualitative data is, security as a business process and the importance of people involved in the security process. Software Engineering teaches us the GQM (Global Question Metric Method) – one of the methods to develop our own metrices, it is a simple three-step process of developing a security metric. The first step is defining specific goals that the organisation expects to achieve. This will help the organisation to understand their business needs. The second step would be to convert the goals into well-formatted questions e.g. “How to achieve those goals?” After that, the goal can begin at a data level and metrices can be assigned.

In conclusion, the better your metric programme, the better the outcomes will be.

Authored By –

Dr. Rama Bhatia Singh – School of Engineering and Technology(MDIS Singapore)