If it does what it’s supposed to, to the degree it’s supposed to, it’s effective (no matter how much risk, or what % of attacks, etc it reduces). If it does that for a cost that is low relative to its effectiveness, it’s efficient. At the point where the cost of increasing effectiveness exceeds the incremental benefit of doing so, it’s optimal. - Wade Baker, Verizon Business Security SolutionsSrc: Verizon Business Security Blog » Blog Archive » What is an “effective” Control?
What is an “effective” Control?
One of the many sources of information security news and advice that I subscribe to is the SecurityMetrics mailing list. Last week, Wade Baker of Verizon Business Security Solutions summarized when security controls can be considered effective, efficient, or optimal.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment