New index a step to trading IT security risks

May 6, 2011
Cyber Security, FedCyber Wire
No Comment

via Secure Computing

Dan Geer, the highly regarded chief information security officer for the CIA’s investment arm, In-Q-Tel, will next month launch the Cyber Security Index, which could be a precursor to trading IT risks on financial markets.

The “sentiment-based” Cyber Security Index (CSI), set up by Greer and investment consultant Mukul Pareek, will boil 300 CISO’s views on security down to a number.

Base month March has been set at 1000 and CSI flagged on its website that April rises to 1021.6.

“In short, the Index of Cyber Security aggregates the views of information security industry professionals as expressed through a monthly survey. Its form is an index for reasons that will become apparent,” the pair explain.

The survey covers improvements or degradation in security based on movements in the rates of malware, intrusion and attacks on web-facing applications as well as the likelihood of insider attacks, being a target for nation state actors or industrial espionage. It also covers security investments and the cost of complying with cybersecurity legislation.

Greer and Pareek’s vision for the index is big. The pair claim their index would be useful in establishing a means for financial market players to buy and sell IT security risks, and for end-user organisations to buy such insurance.

Continued here.