From: GovLoop

Courtney Benhoff

Just a few years ago, the only security metric that mattered was whether your organization had been hacked or not.

This all-or-nothing definition of security success is now outdated. There are new, more complex metrics that measure the strength of your security posture. They include:

  • Mean Time to Intrusion: How long (hours or days) would it take someone to get into your network from the outside? This should be a long time.
  • Mean Time to Detection: How long does it take to notice they are in your network? This should be a short time.
  • Mean Time to Remediation: How long does it take to get the bad guys out? This should be a short time.

Read Complete Article