Loading ...
BlogInfoSec.com Sponsors
BlogInfoSec.com Partners
-
Recent Comments
- Bouch on Who’s In Charge Here? The Problem of Information Security Governance
- SecurityExec on Who’s In Charge Here? The Problem of Information Security Governance
- dustin on Patent No. 7,124,197: ARP Poisoning Hack!
- Rob on Agility and Risk Compensation: Exploring the Connection
- Navin on Why Information Security Professionals Should Learn Texas Hold ‘em Poker
Tags
agility algorithms application security assessment awareness Awareness / Education awareness instruction awareness training bloginfosec Annoucements Books on InfoSec breach incidents Budgeting for Security business continunity CIA triad CISO CISO savvy CISO skills COBIT Coding Securely / SDLC compliance Conferences / Events / Meetups contingency plans counterfeit counterfeit equipment data breaches data breach notification laws data classification digital signature disaster recovery education Encryption end-point security equipment Exploit Code / Malware facebook fake FBI featured FFIEC Forensics / Incidents FUD FUD Theater GLBA governance government Gramm-Leach-Bliley hackers hash HIPAA honeynet honeypot identity management identity theft IDM incident Industry Commentary Information security Interviews ISACA Jobs in Information Security Johnny Long KPMG law leadership Legal & Regulatory Issues malicious insider malware metrics nation states network News Commentary No Tech Hacking OWASP Patching PCI Penetration Testing perimeter Phishing Policies and Procedures Privacy Privacy Rights Clearinghouse Reverse Engineering risk Risk Analysis risk management ROI ROSI SB 1386 Security security awareness Security Breaches self-awareness Social Engineering soft skills Solutions / Workarounds SPAM spotlight successful behaviors Tools training Uncategorized Virtual Trust Viruses / Worms vulnerability assessment Vulnerability Commentary Vulnerability Disclosure Wireless Wireless Client Wireless Discussion Wireless Security Wireless Vulnerability Discussion
Category Archives: Security Metrics
PCI DSS Position on Patching May Be Unjustified
June 27, 2008 – 6:00 am
–
Verizon Business recently posted an excellent article on their blog about security patching. As someone who just read The New School of Information Security (an important book that all information security professionals should read), I thought it was refreshing to see someone take an…
A Return to ROSI: The Economics of Security
May 23, 2008 – 6:00 am
–
It has been interesting to observe that two posts on ROSI (return on security investment) have been on this web site’s most popular list for more than a month. And it is further of interest in that the two posts take somewhat opposing views, which is actually quite representative of the…
Metrics: A Measure of Security
March 19, 2008 – 6:00 am
–
Everyone seems to be measuring security. After all, the common mantra is “You can’t manage what you can’t measure.” And security cries out to be managed.
But which are useful security metrics? Are we investing appropriately in the measurement of various aspects of security? I think that…
Intel ROSI Paper: Sets Practical Guidelines and Proper Expectations
January 24, 2008 – 6:00 am
–
Late last year I read Matthew Rosenquist’s paper, Measuring the Return on IT Security Investments, over at Intel. I’m glad I have a few minutes to write about it.
The premise for the paper is simple: the implementation of a security measure (control) should result in a decrease in the…
Metrics Revisited – Application Security Metrics