Disclaimer: The opinions of the columnists are their own and not necessarily those of their employer.
Executive Women's Forum - Information Security, Risk Management and Privacy

Tag Archives: metrics

Crossing the Metrics Rubicon: Quest for the Perfect Measurement

– Security metrics represent a great untamed wilderness for organizations trying to determine both their risk profile and the effectiveness of the resources they have allocated to their security program. When I first became a security person after a career managing customer service, finance, and…

Provisioning: Security’s First Step to Measuring Organizational Impact

– Security is often accused, occasionally with merit, of being an obstacle to an organization’s business. While the drumbeat of cyber threats has at least raised the technology risk consciousness of many business managers, security professionals still have the challenge of quantifying how big an…

The OCC and Application Security: Vindication at Last

– On May 8, 2008, the OCC (Office of the Comptroller of the Currency, part of the U.S. Department of the Treasury) issued Bulletin 2008-16, which you can find here. As the OCC states, there have been prior mentions of application security by the FFIEC (of which OCC is a member), NIST and others.…

Metrics Revisited – Application Security Metrics

– I have recently been giving some thought to, and doing some research into, application security metrics, and I have determined, quite simply, that there aren’t any good ones. “How ridiculous!” you say, “We have two dozen application security metrics, which we report in…

Metrics: A Measure of Security

– Everyone seems to be measuring security. After all, the common mantra is “You can’t manage what you can’t measure.” And security cries out to be managed. But which are useful security metrics? Are we investing appropriately in the measurement of various aspects of security? I think that…