
Tag Archives: Security Metrics

The Quest for Secure and Resilient Software

– Secure and Resilient Software Development (CRC Press, 2010) by Mark Merkow and Laksh Raghavan is a really good book. It addresses a key security area that is generally given short shrift, even though purportedly more than 70 percent of breaches result from attacks on the application layer. The…

Sandra Bullock and Security Metrics

– In his column in the March 30, 2010 New York Times, with the title “The Sandra Bullock Trade,” David Brooks reports that research has shown that interpersonal relationships are much more important for our wellbeing and happiness than are economic and professional successes. He concludes from…

Lord Kelvin’s New Clothes and Security Metrics

– I have the highest regard for Lord Kelvin. After all, I spent six years studying at the University of Glasgow, which is adjacent to Kelvingrove Park with its imposing statue of Lord Kelvin. I also have high regard for the Scots, despite my being branded (as are all foreigners) a Sassenach, or…

Security Risk Metrics and Decision Making Revisited

– There is an interesting quote by Nobel laureate Joseph E. Stiglitz in the September 23, 2009 issue of the New York Times. In an article on the first page of the Business Day section by Peter S. Goodman, with the title “Emphasis On Growth Is Called Misguided,” Stiglitz is quoted as saying the…

Does Security Awareness Work (pt. 2)? It all Depends on What You Mean by “Work”

– Several weeks ago this column printed an article entitled, “Does Security Awareness Work? Some Answers from Experimental Research.” The article presented results from three published experiments concerning the effectiveness of awareness programs. In the final paragraph of that piece, readers…