PRAGMATIC Security Metric of the Quarter #2

PRAGMATIC Security Metric of the Second Quarter

It has been a good quarter in the sense that several of the example metrics we have discussed have scored substantially higher than our first Security Metric of the Quarter, Discrepancies between physical location and logical access location.   

With the highest PRAGMATIC score of all the metrics we have reviewed
in the past three months, we are proud to announce that our second
Security Metric of the Quarter is ... 

... <cue annoying drum roll to cover embarrassing pause
while we fumble with the envelope> ... 

Business Continuity Management maturity!  

Congratulations, please walk elegantly to the stage to receive your glittering prize from our scantily-clad presenter and her vaguely amusing side-kick.

Aside from BCM maturity, the HR security maturity metric came a very close second, achieving almost exactly the same score.  They are both 'maturity metrics', of course.  The maturity scoring approach is a particularly flexible and useful way of measuring subjective matters in an objective and repeatable manner.

These are the security metrics we have discussed and scored during the quarter, in the context of the imaginary company Acme Inc.  Click their names to remind yourself what the panel thought of them:

Example metric	P	R	A	G	M	A	T	I	C	Score
BCM maturity	90	95	70	80	90	85	90	87	90	86%
HR security maturity	90	95	70	80	90	85	90	85	90	86%
Traceability	85	89	88	90	91	87	65	84	85	85%
Awareness level	86	89	86	82	85	80	69	48	75	78%
Uptime	84	97	66	78	94	61	79	47	89	77%
Audit findings	79	89	87	96	92	84	30	96	36	77%
Employee churn	60	66	20	85	60	80	75	80	91	69%
Security spending	82	94	60	60	89	29	33	49	59	62%
IRR	69	72	25	30	82	50	44	60	88	58%
Policy compliance	55	64	75	50	68	34	59	76	33	57%
Unclassified assets	52	53	63	44	62	13	17	87	44	48%
Systems compliance	48	26	36	41	56	13	19	46	12	33%