IT Security Metrics: A Practical Framework for Measuring Security & Protecting Data has solid reviews by Richard Bejtlich (@TaoSecurity), David J. Elfering (@icxc) & Dr. Anton Chuvakin (@anton_chuvakin), amongst others. You can get it (for a short time) for just about fourteen Washingtons by doing the following. First, go to this Amazon link…
Post Category → Metrics
Micropwns :: Risk Microprobabilities for Infosec?
NOTE: This is a re-post from a topic I started on the SecurityMetrics & SIRA mailing lists. I wanted to broaden the discussion to anyone not on those lists (and why aren’t you on them?). I had not heard the term micromort prior to listening to David Spiegelhalter’s Do Lecture, and the concept of it really stuck…
For Everyone Who Thought I Was Just A Zombie
You were right… (UPDATED with PK talk appearance)
Metricon: Verification versus Validation
Speaker: Jennifer Bayuk. Based on work for Stevens Institute of Technology. How do professional systems engineers work? History: mainframe physical security (punch cards); cables to terminals; network to workstations (some data moves there & on floppies); *spike in misuse & abuse*; modems and dedicated links to external providers/partners added; midrange servers (including e-mail) added; dial-back…
Metricon: Measuring Metrics Programs (Why Aren’t We?)
Speaker: Jared Pfost (@JaredPfost). Framing: IT security metrics in an enterprise. If metrics are valuable, why aren’t we measuring them? Virtually no research on them. The Chase: measuring metric program maturity would be easy, but not valuable. Metric programs aren’t a priority for enough CISOs for a benchmark to matter. Additional proof needed:…
Metricon: Software Security’s Futures Plural
UPDATE – 2011-02-26: Alfonso has posted his slides and BeeWise is open! Speaker: Alfonso De Gregorio. How do we build a future in software security? /me: the slides that will be posted have a ton of detail that Alfonso sped through; you’ll get a very good feel from them. Metrics are the servants of…
Metricon: Name Server Log Data
Speakers: Fruhwirth, Proschinger, Lendl, Savola, “On the use of name server log data as input for security measurements”. CERT.at coordinates security efforts & incident response for IT security problems on a national level in Austria; it is constituted of IT company security teams and local CERTs. Why name server data? CERT.at is mandated to…
Metricon: Automated Incident Reporting
Speaker: Juhani Eronen, “The Autoreporter Project”. Background goal: make Finland mostly harmless to the rest of the internet (that’s actually in the law – Protection of Privacy in Electronic Communications, Finland). /me: I’ll need to put some verbiage around this tonight to give you a good picture of what Juhani was conveying… really good description…