The 5 best malware metrics you can generate

Are you asking the right computer security questions? If you can answer these five, you'll know better how to secure your organization.

One of my favorite quotes from Albert Einstein goes:

“If I had an hour to solve a problem and my life depended on the solution, I would spend the first 55 minutes determining the proper question to ask, for once I know the proper question I could solve the problem in less than 5 minutes.” —Albert Einstein

A big problem in the computer security world is that practitioners aren’t skeptical enough, don’t question purported authority statements, and often don’t ask the right questions. It’s a theme I see over and over, and it leads defenders to enact the wrong computer security defenses or worry about the wrong metrics.

Many defenders are asked to come up with hundreds of controls and metrics that are supposed to accurately define the security risk of their environment. A handful of controls, like those around social engineering and patch management, will quantify the vast majority of computer security risk in most environments. Even then, for those controls, most defenders get it wrong.
