Tag Archives: information security metrics

Driven off the Road by Security Metrics

August 1, 2011 – 6:00 am – An article in the July 18, 2011 issue of TIME Magazine caught my eye. It was Rana Foroohar’s piece, on page 22, with the title “Driven off the Road by M.B.A.s: The rise of business schools coincided with the fall of American Industry.” The thesis presented is that the U.S. economy tanked…
By | Posted in CSO/CISO Perspectives, Security Metrics | Also tagged , , , , , , , | Comments (0)

Lord Kelvin’s New Clothes and Security Metrics

November 30, 2009 – 6:00 am – I have the highest regard for Lord Kelvin. After all, I spent six years studying at the University of Glasgow, which is adjacent to Kelvingrove Park with its imposing statue of Lord Kelvin. I also have high regard for the Scots, despite my being branded (as are all foreigners) a Sassenach, or…
By | Posted in Security Metrics | Also tagged , , , | Comments Off on Lord Kelvin’s New Clothes and Security Metrics

BSIMM – Top Ten Surprises

May 26, 2009 – 6:00 am – In a prior column, I described the results of a survey conducted by Gary McGraw, Sammy Migues and Brian Chess published in the BSIMM (Build Security In Maturity Model) report available at http://bsi-mm.com/   Most of the results are intuitively obvious … after the fact, that is. But some…
By | Posted in Auditing, General, Security Metrics | Also tagged , , , , , , , | Comments (0)

Down the PCI Rabbit Hole in Search of Better Risk Measurements

November 6, 2008 – 6:00 am – Decision-making is often a product of risk assessment and prioritization.  Currently, I have several deliverables pending for work, a carpentry project at home and this article to write.  As I decide which to address, I quickly, and in many cases, unconsciously, analyze what I am placing at risk…
By | Posted in Risk Analysis, Security Metrics, Technical | Also tagged , , , , , | Comments (0)