Related – Security metrics and Small- and Medium-Sized Enterprises (SMEs): Quo Vadis Previously we discussed how security-related risks must be categorized to get a better handle on them. We proposed a graphic framework that could be used here: – Early Warning System (EWS) – Categorizing the risks Here we expand upon this framework and develop a [...]
Entries Tagged as 'metrics'
SMEs and security metrics – where should one start?
June 30th, 2007 · No Comments
Tags: adjusted · euro · ideally · measurement · measuring · metrics · organization’s · turnover
What are good security metrics? Check source then assess relevance
January 18th, 2007 · No Comments
Recently we have addressed various issues regarding security metrics, such as: – CyTRAP Labs – guide – developing IT security metrics that work for you – Managing risks while getting your CEO’s attention – communication matters – Security metrics – do you know what your boss wants? – CyTRAP Labs – guide – the seven deadly sins [...]
Tags: boss · ceo’s · conceptually · deadly · guide · managing · metrics · sins
CyTRAP Labs – guide – the seven deadly sins of security metrics
December 6th, 2006 · No Comments
As we all have learned, getting attention (and budget) from top executives for such efforts as risk and security mitigation is a challenge, see here: CyTRAP Labs guide to effective IT risk management – being conceptually thorough while keeping it simple CyTRAP Labs – guide – developing IT security metrics that work for you Managing [...]
Tags: application · conceptually · developing · guide · keeping · metrics · simple · standards
Security metrics – do you know what your boss wants?
November 11th, 2006 · No Comments
We have previously addressed how difficult it is to develop metrics that are not only reliable but also valid and have a strategic focus – meaning C-level executives do care about getting such numbers that relate to matters they care about (e.g., new markets, strategy, bottom line): – CyTRAP Labs – guide – [...]
Tags: bottom · care · markets · meaning · metrics · relate · reliable · valid
Security metrics – how does the military try to get it right for Iraq?
November 3rd, 2006 · No Comments
Since 2001 we have been addressing security metric issues: – Best Practice – Benchmarks – Metrics – Ten Worst Security Practices – LIB- NIST – Pub 800-55 – Using Metrics to Measure Security Controls, Processes and Procedures – Week 33 – Lib 1 – NIST Guidelines – Security Metrics that Work? Recently we [...]
Tags: began · developing · guide · metric · metrics · past · recent · you
CyTRAP Labs – guide – developing IT security metrics that work for you
October 17th, 2006 · No Comments
As you might have expected, there is no consensus on what security metrics should be used for measuring security effectiveness and benchmarking the enterprise. 2004-04-06 The Robert Frances Group reported in CSO magazine that the companies it surveyed used these metrics to assess security effectiveness: Which of the following key data elements does your organization [...]
Tags: detected · effectiveness · failed · invalid · logins · metrics · spam · unauthorized