134 ◾ Information Security Metrics
Inconsistencies or contradictions in the objectives, policies, and standards ◾
applied to various assurance functions is a common indication of a lack of
integration and can result in operating at cross purposes.
e higher in the organization the common reporting point for assurance ◾
processes exists, the lower the level of integration is likely to be. In part, this
is a result of the observation made by well-known management consultant
Peter Drucker nearly two decades ago that for every level of management, the
noise doubles and the amount of information is cut in half.
e degree of communications between assurance providers correlates well ◾
with the level of integration between these activities.
ese indic ...