Final Inglesii K (Utn-Frba)
Software project managers need better data to support their decisionmaking about security. Ideally, a data source should provide informationto support the following tasks:
• Project managers must decide how to allocate resources to monitor and address cyber incidents. Survey data can inform resource-allocation decisions and trend dataabout cybersecurity incidents, which can support more effective strategic planning.
• Government, industry, and monitoring organizations must implement standards and guidelines, which will facilitatethe search for common problems and possible solutions. Standardization of vulnerabilities, types of attack, and techniques used in attacks can permit crossproject analysis that suggests best practicesinvolving the most cost-eff ective technologies, policies, procedures, and organizational structures.
• The insurance industry could play a growing role in securing cyberspace. Credible survey datacould be used to set policy terms and standards for insurability against cyberattacks. This information would inform decisions about how much security to build into a product and
how much it wouldcost.
• There also is a need for critical infrastructure–protection benchmarks, which could support the analysis of attack frequency, severity trends, and consequent losses; determination of bestpractices for addressing current and changing vulnerabilities; and the implementation of regular standards updates.
• Measures of effectiveness are needed to provide feedback on the efficacy of campaignsto strengthen cybersecurity.
Such measures could influence perception and empirical measurement of security strategies’ effectiveness, development and dissemination of good metrics, perceived andactual eff ects of regulations and standards and their enforcement, and perceived and actual eff ects of both public- and private-sector education strategies.
To better understand the cybersecurity...
Regístrate para leer el documento completo.