SMotW #2: Coupling index

Security Metric of the Week #2: Coupling index

Our second 'metric of the week', Coupling index, is a measure of the degree of interdependency between things such as:

• IT systems;
• Business processes;
• Business units, departments and teams;
• Organizations.

Coupling has an impact on the risk of cascade failures (known colloquially as 'the domino effect').  In tightly-coupled situations, upstream issues will quickly and dramatically affect downstream elements.  In loosely-coupled situations, by contrast, there is more leeway, more 'slack' so downstream effects tend to be less evident, show up less quickly if at all, and generally have less impact on the organization.

Contrast traditional mainframe-based batch-processing financial systems against real-time ERP systems, for instance: if something causes a single batch to fail on the financial system, it can generally be corrected and rerun without too much trouble, provided it still completes within the batch window.  However, a similar failure on an ERP system can sequentially topple a whole series of highly interdependent operations, bringing the entire ERP and the associated business activities to a crashing halt.

P	R	A	G	M	A	T	I	C	Score
68	85	50	60	72	47	35	61	42	58%

This candidate metric scores a mediocre 58% on the PRAGMATIC scale.  It is quite strong on Relevance but other aspects such as Timeliness and Cost detract from the final score. These criteria are issues because of the practical difficulties of quantifying the 'degree of coupling' in meaningful and comparable terms, especially across such a diverse set of factors as noted in the bullets above.