Disclaimer: The opinions of the columnists are their own and not necessarily those of their employer.

BlogInfoSec.com Spotlight

Metrics Revisited – Application Security Metrics

I have recently been giving some thought to, and doing some research into, application security metrics, and I have determined, quite simply, that there aren’t any good ones. “How ridiculous!” you say, “We have two dozen application security metrics, which we report in real time, daily, weekly and fortnightly.” Yes, I understand. You have measures that [...]

Featured Articles

Your Information Security Program: It’s All About The Bones

(Frank Cassano) Welcome once again to the risk rack. This time on the risk rack I will be discussing the bones of an information security program, namely the fundamental framework and standards …

If You Can’t Protect Your Website, How Can You Protect The Country?

(Kenneth F. Belva) If politics is a contact sport, why do I expect that we will not hear the political argument, “If You Can’t Protect Your Website, How Can You Protect The …

In the Workshop (pt. 2) - Building an Identity Management Solution

(Patrick Foley) When last in the workshop to build our own identity management system, we laid the groundwork for a solution by identifying and analyzing our organization’s sourcing, staffing …

VAR does it come from? CISCO Hardware Espionage

(Russell Handorf) When an organization looks at the threats to their infrastructure, they generally categorize them into two main headers: internal and external. And when they think about the …