Related
-Security metrics and Small- and Medium-Sized Enterprises (SMEs): Quo Vadis
Previousl we discussed how security-related risks must be categorized to get a better handle on them. We proposed a graphic framework that could be used here:
- Early Warning System (EWS) – Categorizing the risks
Here we expand upon this framework and develop a graphic overview in somewhat [...]
Entries Tagged as 'metrics'
SMEs and security metrics – where should one start?
June 30th, 2007 · No Comments
Tags: Uncategorized
What are good security metrics? Check source then assess relevance
January 18th, 2007 · No Comments
Recently we have addressed various issues regarding securitymetrics, such as:
- CyTRAP Labs – guide – developing IT security metrics that work for you
- Managing risks while getting your CEO’s attention – communication matters
- Security metrics – do you know what your boss wants?
- CyTRAP Labs – guide- the seven deadly sins of security metrics
Security metrics [...]
Tags: Uncategorized
CyTRAP Labs – guide – the seven deadly sins of security metrics
December 6th, 2006 · No Comments
As we all have learned, getting attention (and budget) from top executives for such efforts as risk and security mitigation is a challenge, see here:
CyTRAP Labs guide to effective IT risk management – being conceptually thorough while keeping it simple
CyTRAP Labs – guide – developing IT security metrics that work for you
Managing [...]
Tags: Uncategorized
Security metrics – do you know what your boss wants?
November 11th, 2006 · No Comments
Your email:
We have previously addressed how difficult it is to develop metrics that are not only reliable but also valid and have a strategic focus – meaning C-level executives do care about getting such numbers that relate to matters the care about (e.g., new markets, strategy, bottom line):
- CyTRAP Labs – guide – developing IT [...]
Tags: Uncategorized
Security metrics – how does the military try to get it right for Iraq?
November 3rd, 2006 · No Comments
Your email:
Since 2001 we have been addressing security metric issues:
- Best Practice – Benchmarks – Metrics – Ten Worst Security Practices
- LIB- NIST – Pub 800-55 – Using Metrics to Measure Security Controls, Processes and Procedures
- Week 33 – Lib 1 – NIST Guidelines – Security Metrics that Work?
Recently we have picked it [...]
Tags: Uncategorized
CyTRAP Labs – guide – developing IT security metrics that work for you
October 17th, 2006 · No Comments
As you might have expected, there is no consensus on what security metrics should be used for measuring security effectiveness and benchmarking the enteprise.
2004-04-06 The Robert Frances Group reported in CSO magazine that the companies it surveyed used these metrics to assess security effectiveness:
Which of the following key data elements does your organization [...]
Tags: Uncategorized