Metricon: Verification versus Validation

Speaker: Jennifer Bayuk. Based on work for Stevens Institute of Technology. How do professional systems engineers work? History: Mainframe physical security (punch cards) cables to terminals network to workstations (some data moves there & on floppies) *spike in misuse & abuse modems and dedicated links to external providers/partners added midrange servers (including e-mail) added dial-back…

Metricon: Measuring Metrics Programs (Why Aren’t We?)

Speaker: Jared Pfost (@JaredPfost) Framing: IT Security Metrics in an Enterprise. If metrics are valuable, why aren’t we measuring them? Virtually no research on them. The Chase: Measuring metric program maturity would be easy, but not valuable. Metric programs aren’t a priority for enough CISOs for a benchmark to matter. Additional proof needed:…

Metricon: Automated Incident Reporting

Speaker: Juhaniu Eronen “The Autoreporter Project” – Background Goal: make Finland mostly harmless to the rest of the internet (that’s actually in the law – Protection of Privacy in Electronic Comms/Finland) /me: I’ll need to put some verbiage around this tonight to give you a good picture of what Juhaniu was conveying…really good description…

Metricon: Critical Consumption Of Infosec Statistics

Speaker: Chris Eng / Veracode Every major infosec company publishes quarterly/yearly summary reports. Some based on survey, some based on real captured data. Recognizing the Narrative Every fancy looking infosec metrics report is a marketing vehicle; each has different perspectives; no consistency, but you can figure out the framing by looking at the exec summary…