Tag Archives: cybersecurity metrics

Cybersecurity Lessons from the Pandemic: Metrics and Decision-Making

– We have discussed previously, such as in my May 18, 2020 BlogInfoSec column, some of the more challenging characteristics of data, such as those relating to value and uncertainty, which are generally not given adequate consideration. This is because these types of data may be much more costly and…

Cybersecurity Lessons from the Pandemic: Data – Part 2

– Having discussed issues relating to the collection and reporting of COVID-19 data in Part 1, we now turn to cyberspace, even though the jury is still out regarding much of the pandemic data. Equivalent situations to those described with respect to the pandemic regarding deficiencies in the…

Are Cybersecurity Intelligence and Security Metrics Statistically Significant?

– It is customary to begin an article on cybersecurity with some statement about the exponential growth of threats, attacks, vulnerabilities, etc. I’m no different. It seems like a reasonable, generally accepted thing to do. So, I was somewhat surprised when someone pushed back on such a statement…

Security Metrics and Tesla’s Safety Statistics

– I have long railed against the inadequacy of popular easy-to-record security metrics. They usually lack critical information about the nature and severity of vulnerabilities and are therefore misleading in providing support for decision-making. I addressed this point in my article “Accounting…

More Password Folly

– This is the season when we usually learn about the list of the most popular—and hence vulnerable—passwords … and this year is no exception. From evaluating “millions of leaked passwords,” Splashdata determined which were the most easily hacked. Topping the list is “123456,” followed…