New Measures

Regular readers of this column might recall the installment that appeared in the November/ December 2010 issue, "An Index of Cybersecurity," which suggested that such an index (the ICS) would soon appear. Prophesy is now fulfilled: the ICS has begun publication at cybersecurityindex.org. It\´s what is called a sentiment-based index- if you\´re familiar with the US Consumer Confidence Index, then you already know what it is (http://tinyurl.com/3sb633k). Respondents to the ICS are competent security practitioners "with direct operational responsibility who share, each month, how their view of security in several areas has changed since the month before. Thanks to them for their willingness to engage. The ICS is one leg of strategy; with colleagues Alex Hutton (Verizon) and Greg Shannon (CERT), the second leg is a formal prediction market for cyber security, now in beta test. Where the ICS is a measure of position, a prediction market is a measure of momentum (direction and velocity). Prediction markets have an extensively documented theory and great design flexibility, but the short form description of the simplest prediction market is tha tin such a market the participants are vying with each other to better predict whether concrete future events will or will not occur. They do this by the buying and selling of contracts that posit that such and such an event will occur by such and such a time.