Fortune Cookie Security Advice – Confusing Security Measures and Metrics – Sept 2009

Everyone wants information security to be easy.  Wouldn’t it be nice if it were simple enough to fit snugly inside a fortune cookie?  Well, although I don’t try to promote such foolish nonsense, I do on occasion pass on readily digestible nuggets to reinforce security principles and get people thinking how security applies to their environment.

The key to fortune cookie advice is ‘common sense’ in the context of security.  It must be simple, succinct, and make sense to everyone, while conveying important security aspects.

Fortune Cookie advice for September, 2009:

Measures generate data and metrics organize data to generate information. The difference between ‘data’ and ‘information’: the former is something you know, the latter is something you use.

In security, it is easy to confuse the terms ‘measures’ and ‘metrics’.  They are two distinct but related concepts.  Measurement theory incorporates the nominal, ordinal, interval, ratio, and absolute scales.  These scales are used to measure something, and the output is data.  Metrics, however, are about analysis and intelligent decision making.  Metrics translate data into meaningful information that supports decision making.  Data is something you know.  Information is something you use to make decisions.

Matthew Rosenquist

About Matthew Rosenquist

Matthew Rosenquist is a Cybersecurity Strategist for Intel Corp and benefits from 20+ years in the field of security. He specializes in strategy, measuring value, and developing cost effective capabilities and organizations which deliver optimal levels of security. Matthew helped with the formation of the Intel Security Group, an industry leading organization bringing together security across hardware, firmware, software and services. An outspoken advocate of cybersecurity, he strives to advance the industry and his guidance can be heard at conferences, and found in whitepapers, articles, and blogs.