Disclaimer: The opinions of the columnists are their own and not necessarily those of their employer.

Tag Archives: information security metrics

Driven off the Road by Security Metrics

– An article in the July 18, 2011 issue of TIME Magazine caught my eye. It was Rana Foroohar’s piece, on page 22, with the title “Driven off the Road by M.B.A.s: The rise of business schools coincided with the fall of American Industry.” The thesis presented is that the U.S. economy tanked…

Lord Kelvin’s New Clothes and Security Metrics

– I have the highest regard for Lord Kelvin. After all, I spent six years studying at the University of Glasgow, which is adjacent to Kelvingrove Park with its imposing statue of Lord Kelvin. I also have high regard for the Scots, despite my being branded (as are all foreigners) a Sassenach, or…

BSIMM – Top Ten Surprises

– In a prior column, I described the results of a survey conducted by Gary McGraw, Sammy Migues and Brian Chess published in the BSIMM (Build Security In Maturity Model) report available at http://bsi-mm.com/. Most of the results are intuitively obvious … after the fact, that is. But some…

Down the PCI Rabbit Hole in Search of Better Risk Measurements

– Decision-making is often a product of risk assessment and prioritization. Currently, I have several deliverables pending for work, a carpentry project at home and this article to write. As I decide which to address, I quickly, and in many cases, unconsciously, analyze what I am placing at risk…