Cloud Security Alliance Announces Release of Newest Report on ‘Improving Metrics in Cyber Resiliency”

White paper introduces key metrics to measure threats, recover lost functionality in wake of attack

SEATTLE, WA – August 30, 2017 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today announced the release of Improving Metrics in Cyber Resiliency. Developed by a group of subject matter experts within the CSA community, the new white paper is designed to help enterprises develop metrics and processes to measure threats before they become cyberattacks and recover functionality lost in the wake of those attacks.

The paper also introduces two key metrics—Elapsed Time to Identify Failure (ETIF) and Elapsed Time to Identify Threat (ETIT)—and proposes that the responsibility for measuring and reporting each be transferred from companies whose systems encounter cyberattacks to those in the Intrusion Detection System (IDS) space. By doing so, researchers suggest that it would encourage the development of superior algorithms that are needed to detect anomalies and improve cyber resiliency. According to the Ponemon Institute, the average cost of a data breach for a U.S. company is in the neighborhood of $5.4 million and in 2014, in the U.S. alone, spending on cybersecurity reached more than $70 billion.

“It is our hope that this report will initiate discussion and eventually encourage competition within the intrusion detection system space,” said Dr. Senthil Arul, lead author of the document. “As more companies are storing operation assets away from local servers, it’s clear that we need to bolster asset resiliency in the cloud if we are to keep operational resiliency unaffected.”

Companies and individuals interested in supporting cyber resiliency as a CSA area of interest can contact [email protected] for more information.