Improving Cybersecurity with Auditing and Metrics
TASC Cyber Experts Say Industry Standard Needed
September 18, 2012
Chantilly, VA – In today’s dynamic cybersecurity environment the old adage, “If you can’t measure it, it’s not important,” is all too true. Accurate, effective and real time auditing and metrics enable sensible decision making and efficient compliance, according to cyber experts at TASC, Inc. Today, most cyber audits and compliance practices are still manual and labor intensive. They do not reflect the modern cloud-computing capability or the need for real time situational assessment.
"Metrics are the key to enable decisions on how to best protect, react and invest for cybersecurity. The problem is today there is no clear set of industry standard cyber metrics," says Steve Winterfeld, TASC’s cyber technical director. "Standardizing how systems are evaluated will save money and increase security baselines by applying a common approach to risk assessment."
At the 2012 Software Assurance Program of the U.S. Department of Homeland Security's National Cyber Security Division, Winterfeld will discuss software assurance metrics and call for standardized metrics that are specific, measurable, attainable and repeatable.
"Cybersecurity is a shared imperative between government and industry, and we should invest in a cooperative, coordinated approach, not just another compliance drill," says Winterfeld. "Instead of taking a report-card approach, we are working with our federal customers to help them implement a dynamic method to secure an interconnected and interdependent cyber ecosystem."
Winterfeld’s presentation is scheduled for September 19.
For more information about TASC and career opportunities, visit http://www.tasc.com.