Category Archives: Security Metrics

Value and Uncertainty in Pandemic Metrics

New York Governor Andrew Cuomo’s daily briefings have become a mainstay of support for many during the COVID-19 pandemic, especially with New York being the initial epicenter of the disease in the U.S. It is clear that Cuomo’s polished slide presentations have been developed by consultants…

Truth, Trust and Cybersecurity Risk

It is a sad reflection on the times, but it is becoming increasingly difficult to distinguish among true and false “facts,” accurate and misleading interpretations, and personal and politically-expedient beliefs. In my November 11, 2019 BlogInfoSec column “Are Cybersecurity Intelligence and…

Are Cybersecurity Intelligence and Security Metrics Statistically Significant?

It is customary to begin an article on cybersecurity with some statement about the exponential growth of threats, attacks, vulnerabilities, etc. I’m no different. It seems like a reasonable, generally accepted thing to do. So, I was somewhat surprised when someone pushed back on such a statement…

Security Metrics and Tesla’s Safety Statistics

I have long railed against the inadequacy of popular easy-to-record security metrics. They usually lack critical information about the nature and severity of vulnerabilities and are therefore misleading in providing support for decision-making. I addressed this point in my article “Accounting…

More Password Folly

This is the season when we usually learn about the list of the most popular—and hence vulnerable—passwords … and this year is no exception. From evaluating “millions of leaked passwords,” Splashdata determined which were the most easily hacked. Topping the list is “123456,” followed…