According to Gartner, the worldwide spending in 2016 on information security products and services exceeded $81.6 billion with IT Outsourcing, Security Testing and Data Loss Prevention provided some of the largest growth opportunities. The challenge that most organizations face is how to effectively recoup these investments at the level of return of investment (ROI) or better proposed in the justification of these invesments?
Organizations can adapt the DMAIC Methodology of the Six Sigma Process widely utilized across manufacturing industries to reduce manufacturing costs, improve yields and quality, and reduce wastes. DMAIC stands for Define, Measure, Analyze, Improve and Control and is data-driven methodology for improving and optimizing processes and designs. DMAIC projects are typically led by a Six Sigma Black Belt (SSBB) expert with either a white or Six Sigma Green Belt (SSGB) practitioners rounding out the Six Sigma team.
Let take a look at a scenario where an organization wants to employ intrusion detection tools from various sources to improve their threat detection time.
In the Define Phase, the Six Sigma team helps the IT staff to define signals or indicators of threats. This phase may look at the different ways to utilize the available tools and what indicators to be pulled from them.
In the Measure Phase, the team reviews the data collectors for the indicators and determine their validity based on a number of factors including frequency,sample size, etc. The team may add additional measurements at this phase or remove measurements that may deem not relevant.
In the Analyze Phase of DMAIC, the Six Sigma team assists the IT staff to review the indicators for false positives from the measurements previously defined. As these techniques require strong understanding of statistical principles, the Six Sigma team will likely utilize Six Sigma tools and techniques.
In the Improve Phase, some variables and indicators may be added or removed allowing the model to be refined and improved. This phase may loop back to the Analyze Phase. The iterative approach along with supporting data ultimately confirms the model's accuracy.
The Control Phase focuses on defining the controls (or key variables or tasks) to be monitored over time or periodically by the IT staff. These actions ensure that repeatable activities are taken to produce consistent outcomes.
In brief, the DMAIC process allows for a model to be constructed around a particular system or process using actual process data to achieve some particular outcome (e.g., faster threat response time from early detection). The variables of the model are iterated and the direct variables (e.g., having high correlation to the outcome) are subsequently identified. The model is then optimized and the controls to ensure optimal operations are documented.