New Index Measures Cyberspace SafetyConversation with Creators of the Cybersecurity Index
Geer and Pareek launched the index in April, and in an interview with Information Security Media Group's GovInfoSecurity.com say it could be months before its value to government and private-sector information security officers will be known.
But Geer says he suspects the index will serve as a baseline for information security officers to compare their organizations' performance against the general state of IT security. "An information security officer has among other questions the perpetual one of: Am I being targeted, am I different, what are other people seeing, is there a baseline I can compare myself to?" Geer says. "And, it's a constant problem. In fact, unless you do some sort of information sharing, there is little way to tell whether your observations are unique or typical or altogether ordinary except for one feature or the like."
The cybersecurity index features 15 sub-indices that measure malware threats, intrusion pressures, insider threat, industrial espionage, information sharing and media and public perception, to name a few. "It allows (security officers) to compare their views with what others are reporting and if their efforts are focused on the right track," Pareek says.
In the interview, Geer and Pareek also explain how the index works and ways it could be employed, such as a metric to assess cybersecurity insurance policies.
Geer is chief information security officer of In-Q-Tel, an independent strategic investment firm that identifies emerging technologies to support the missions of the U.S. intelligence community. Geer says In-Q-Tel was not involved in the creation of the cybersecurity index.
Pareek has worked as a vice president at a major investment bank and as a senior manager for a Big 4 accounting and consulting firm.