Fight against cyber crime hampered by lack of global standards
Enisa says standard metrics and measurements are essential when assessing IT resilience
Standard metrics and measurements are essential when assessing IT resilience across the EU public and private sectors, according to a new report released by the European Network and Information Security Agency (Enisa) today.
The report, entitled "Main challenges and recommendations on network and service resilience metrics", argues that there are currently few frameworks that allow an IT manager to assess their organisation's IT resilience or compare it with its peers, and that there is currently no globally accepted framework.
It also states that there are different baseline metrics used by different organisations and that this compounds difficulties when trying to compare them.
This means that companies and public-sector bodies just don't know how well equipped they are in comparison with their peers to combat cyber crime and other security issues, according to a spokesperson at Enisa.
The report makes a case for standard metrics that would include taxonomy, description and impact factors.
It also argues that IT managers and technologists should undertake further research into resilience metrics.
"They should look at creating a common taxonomy, as well as descriptions and baseline metrics; these might include those relating to aggregation, composition, thresholds and data analysis," said the report.