Security Effectiveness Framework Study
Security Effectiveness Framework Study
Security Effectiveness Framework Study
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
<strong>Security</strong> <strong>Effectiveness</strong> <strong>Framework</strong> study<br />
The following graphs report each one of the six effectiveness<br />
metrics in greater detail according to the six input<br />
variables.<br />
Figure 12 reports uptime. A comparison of best and<br />
worst case scenarios suggest uptime is influenced by<br />
security environment and governance variables and less<br />
by enabling technologies, controls and culture.<br />
Figure 13 reports compliance. Similar to Figure 12,<br />
security environment and governance have a more significant<br />
impact on compliance than enabling technologies or<br />
organisational culture.<br />
Figure 14 reports threat containment. Unlike the previous<br />
graphs, enabling technologies influence threat containment.<br />
Here, culture, governance and budget have only a<br />
nominal impact.<br />
Figure 15 reports cost efficiency. As shown, governance<br />
has the most significant influence and enabling technology,<br />
controls and culture have a nominal effect on cost<br />
efficiency.<br />
Figure 16 reports breach prevention. Similar to threat containment,<br />
this metric is significantly influenced by enabling<br />
technologies and controls, and less influenced by budget,<br />
governance and culture.<br />
Figure 17 reports policy enforcement. Clearly, governance<br />
and the security environment have the greatest impact on<br />
this effectiveness metric.<br />
Figure 12: Uptime<br />
Figure 15: Cost efficiency<br />
6.00<br />
4.00<br />
2.00<br />
6.00<br />
0.00<br />
4.00<br />
-2.00 6.00<br />
2.00<br />
-4.00<br />
0.00<br />
-6.00 2.00<br />
-2.00<br />
0.00<br />
-4.00<br />
-2.00<br />
-6.00<br />
-4.00<br />
-6.00<br />
5.00<br />
10.00<br />
-5.00<br />
10.00<br />
-10.00<br />
5.00<br />
-5.00<br />
0.00<br />
-10.00<br />
-5.00<br />
Culture<br />
<strong>Security</strong><br />
environment<br />
Enabling<br />
technologies<br />
Controls Governance Budget<br />
Worst case Illustration Best case<br />
<strong>Security</strong> Enabling Controls Governance Budget<br />
environment technologies<br />
<strong>Security</strong><br />
Worst case<br />
Enabling<br />
Illustration<br />
Controls Governance<br />
Best case<br />
Budget<br />
environment technologies<br />
Worst case Illustration Best case<br />
Figure 10.00 13: Compliance<br />
-10.00<br />
10.00<br />
8.00<br />
6.00<br />
4.00<br />
10.00<br />
2.00<br />
8.00<br />
0.00<br />
10.00 6.00<br />
-2.00<br />
4.00<br />
-4.00<br />
8.00<br />
2.00<br />
-6.00<br />
6.00<br />
0.00<br />
-8.00<br />
4.00<br />
-2.00<br />
-10.00<br />
-4.00 0.00<br />
-6.00 -2.00<br />
-8.00 -4.00<br />
-10.00 -6.00<br />
-8.00<br />
-10.00<br />
Culture<br />
Culture<br />
Culture<br />
Culture<br />
Culture<br />
Culture<br />
Culture<br />
Culture<br />
<strong>Security</strong><br />
environment<br />
Figure 14: Threat containment<br />
Enabling<br />
technologies<br />
Controls Governance Budget<br />
<strong>Security</strong> Worst case Enabling Illustration Controls Best Governance case Budget<br />
environment technologies<br />
<strong>Security</strong> Enabling Controls Governance Budget<br />
environment Worst case technologies Illustration Best case<br />
Worst case Illustration Best case<br />
<strong>Security</strong><br />
environment<br />
Enabling<br />
technologies<br />
Controls Governance Budget<br />
<strong>Security</strong> Worst case Enabling Illustration Controls Best Governance case Budget<br />
environment technologies<br />
<strong>Security</strong> Enabling Controls Governance Budget<br />
environment Worst case technologies Illustration Best case<br />
Worst case Illustration Best case<br />
6.00<br />
4.00<br />
2.00<br />
6.00<br />
0.00<br />
4.00<br />
-2.00<br />
2.00<br />
-4.00<br />
0.00<br />
-6.00<br />
-2.00<br />
-4.00<br />
-6.00<br />
2.00<br />
6.00<br />
0.00<br />
4.00<br />
-2.00 6.00<br />
2.00<br />
-4.00<br />
4.00<br />
0.00<br />
-2.00<br />
Culture<br />
<strong>Security</strong><br />
environment<br />
6.00<br />
Figure 16: Breach prevention<br />
4.00<br />
-4.00 0.00<br />
-2.00<br />
-4.00<br />
-6.00<br />
8.00<br />
6.00<br />
4.00<br />
2.00 8.00<br />
0.00 6.00<br />
-2.00 4.00<br />
-4.00 2.00 6.00<br />
-6.00 0.00 4.00<br />
-8.00 -2.00<br />
-4.00 0.00<br />
-6.00<br />
-2.00<br />
-8.00<br />
-4.00<br />
Culture<br />
Culture<br />
Culture<br />
Culture<br />
Culture<br />
Culture<br />
<strong>Security</strong><br />
environment<br />
Figure 17: Policy enforcement<br />
Culture<br />
<strong>Security</strong><br />
environment<br />
Enabling<br />
technologies<br />
Enabling<br />
technologies<br />
Enabling<br />
technologies<br />
Controls Governance Budget<br />
Worst case Illustration Best case<br />
<strong>Security</strong> Enabling Controls Governance Budget<br />
environment technologies<br />
Worst case Illustration Best case<br />
Controls Governance Budget<br />
Worst case Illustration Best case<br />
<strong>Security</strong> Enabling Controls Governance Budget<br />
environment technologies<br />
Worst case Illustration Best case<br />
<strong>Security</strong> Enabling Controls Governance Budget<br />
environment technologies<br />
Worst case Illustration Best case<br />
Controls Governance Budget<br />
Worst case Illustration Best case<br />
<strong>Security</strong> Enabling Controls Governance Budget<br />
environment technologies<br />
<strong>Security</strong> Enabling Controls Governance Budget<br />
environment Worst case technologies Illustration Best case<br />
Worst case Illustration Best case<br />
18<br />
Sponsored by: HP Information <strong>Security</strong> and Check Point Software -2.00Technologies Ltd.<br />
-4.00<br />
Ponemon Institute © Research Report & Instrument<br />
8.00<br />
6.00<br />
4.00<br />
2.00<br />
0.00<br />
-6.00<br />
-8.00<br />
Culture <strong>Security</strong> Enabling Controls Governance Budget