Desktop version

Home arrow Computer Science arrow Securing Systems Applied Security Architecture and Threat Models

Measuring Success

One of the problems with security architecture is that it is not amenable to absolute measurements. Because of the different sizes and complexities of projects, a measure such as the number of assessments performed is like comparing apples to oranges to bananas to mangoes to tomatoes. And really, how can you count the produce from a single plant and use that quantity to calculate the success of your entire garden? These are not comparable.

A poor measurement is the number of requirements written. A project that adheres to organizational standards will require few to no requirements. The security architect has done his or her job properly in this case. Adherence to standards is to be encouraged. My guess is you don’t want your security architects to believe that achieving success is a matter of writing requirements. If you do, you may get a lot of meaningless requirements or even impossible requirements that projects can’t fulfill. Bad idea. But I’ve seen it proposed due to the lack of useful measures of success.

Instead, let me pose a couple of approaches that may help?

< Prev   CONTENTS   Source   Next >

Related topics