Quantifying the safety or danger of cyberspace is tough. But a highly respected IT security practitioner and an experienced risk management consultant have teamed to develop an index they contend reflects the relative security of cyberspace by aggregating the views of information security industry professionals.
"We don't have much to compare to in this field because hard numbers are very hard to get", advised by Mukul Pareek developed the Index of Cybersecurity, a sentiment-based measure of the risk to the corporate, industrial and governmental information infrastructure from a range of cyberthreats.
The index of Cybersecurity launched in April, and in an interview with Information Security Media Group's GovInfoSecurity.com say it could be months before its value to government and private-sector information security officers will be known.
The developer of the index "Mukul Pareek" suspects the index will serve as a baseline for information security officers to compare their organizations' performance against the general state of IT security. "An information security officer has among other questions the perpetual one of: Am I being targeted, am I different, what are other people seeing, is there a baseline I can compare myself to?". "And, it's a constant problem. In fact, unless you do some sort of information sharing, there is little way to tell whether your observations are unique or typical or altogether ordinary except for one feature or the like."
The cybersecurity index features 15 sub-indices that measure malware threats, intrusion pressures, insider threat, industrial espionage, information sharing and media and public perception, to name a few.
In the interview, Geer and Pareek also explain how the index works and ways it could be employed, such as a metric to assess cybersecurity insurance policies.