Metricon: Critical Consumption Of Infosec Statistics

Speaker: Chris Eng / Veracode

Every major infosec company publishes quarterly/yearly summary reports. Some based on survey, some based on real captured data.

Recognizing the Narrative

Every fancy looking infosec metrics report is a marketing vehicle; each has different perspectives; no consistency, but you can figure out the framing by looking at the exec summary…

Metricon: Evidence Based Risk Management

Better management through better measurement

Speakers: Wade Baker and Alex Hutton and Chris Porter

State of the industry: are we a science or pseudoscience? random fact gathering; morass of interesting, trivial, irrelevant obs; variety of theories that provide little guidance to data gathering

Sources of knowledge under “risk” aggregate: asset landscape, impact landscape, threat landscape…