IT security may be a routine part of doing business, but it retains an unmistakable aura of a black art, where recovering hackers in white hats battle evil black-hats using various forms of digital sorcery.

However whimsical that imagery may sound, it’s a problem, says Elizabeth Nichols, partner in security consulting firm PlexLogic and a leading voice in what she calls the “metrics movement” in IT security.


“We need to free security from the morass of black art,” she says. “As a discipline becomes more mature, it develops the kind of metrics and quantitative analysis that makes it less like a ...