Blog Posts Tagged with "metrics"


The subtle difference between metrics and insight

October 18, 2012 Added by:Rafal Los

The audience matters when you're collecting data and trying to make sense of it. In fact, the audience matters so much that sometimes you can't even 'refine' your way from one tier to another without going out and collecting a whole new set of data...

Comments  (2)


Five Tips for CISOs Presenting to the Board

October 01, 2012 Added by:Tripwire Inc

As security is becoming more important in the overall risk posture of organizations, boards are becoming more interested in hearing directly from security executives, which requires a different level of communication that CISO/CSOs may not be used to presenting...

Comments  (0)


Security Metrics: Five Tips

September 03, 2012 Added by:Tripwire Inc

By Dwayne Melancon - I was in a session with someone who provides security consulting, picking his brain for what is working as he helps organizations translate security into something meaningful to the business. This is the paraphrased version

Comments  (0)


Countermeasures, Weather Forecasts, and Security Metrics

July 25, 2012 Added by:Tripwire Inc

Take a look at the things you measure. In particular, take a look at the things that become part of your bonus calculations or your performance reviews. If you are being measured against things that feel more like Tracking Indicators (like a weather forecast), then it’s time to renegotiate your Metrics...

Comments  (0)


UP and to the RIGHT: Strategy and Tactics of Analyst Influence

July 23, 2012 Added by:Ben Rothke

If up and to the right is the desired Magic Quadrant location, how does one get there? For many tech firms, they often are clueless. In this book, Stiennon provides clear direction. For those looking to make the expedition to the land of Gartner, this book is a veritable Berlitz Guide on how to make the journey...

Comments  (0)


What Actions Do Your Security Metrics Promote?

July 12, 2012 Added by:Tripwire Inc

“It is possible to focus on a single metric and drive it up or down, but wreak havoc on the organization through unintended side effects. Some organizations have to deal with some people ‘gaming the metrics’, which again can lead to unintended side effects. Other organizations use metrics as a way to begin a conversation...”

Comments  (0)


Are Your Security Metrics “Top Five” Worthy?

July 09, 2012 Added by:Tripwire Inc

In conversations with infosec executives, a common question is “What should I really be measuring?,” or they make comments like “I report on a lot of things, but I am not sure what the top security indicators are that I should roll up to my executive team.” Here are the five characteristics of effective metrics...

Comments  (1)


Five Reasons Why You Need an Application Security Program

June 28, 2012 Added by:Fergal Glynn

Many organizations looking at application security for the first time struggle with why they should take a programmatic approach to tackling application security. The simple fact is that if someone wants your intellectual property, they are going to use software you bought, built or outsourced to get at it...

Comments  (0)


OTA Introduces Online Trust Index Measuring Website Security

June 07, 2012 Added by:Headlines

"OTA's work to recognize best practices for sites underscores the importance of focusing on security and privacy holistically. This year's honor roll recipients have demonstrated exceptional leadership and commitment towards consumer protection and to enhance the vitality of the internet"...

Comments  (0)


Infosec Subjectivity: No Black and White

June 04, 2012 Added by:Dave Shackleford

Overall, here’s the rub: There are almost no security absolutes. Aside from some obvious things like bad coding techniques, the use of WEP, hiring Ligatt Security to protect you, etc... Everything else in information security is the gray area...

Comments  (1)


NIST Workshop: The Technical Aspects of Botnets

May 16, 2012 Added by:Infosec Island Admin

NIST seeks to engage all stakeholders to identify the available and needed technologies and tools to recognize, prevent, and remediate botnets; explore current and future efforts to develop botnet metrics and methodologies for measuring and reporting botnet metrics over time...

Comments  (0)


Some Observations on Klout Scores

May 15, 2012 Added by:Ben Rothke

Influence is extremely difficult to measure. In the academic world, the Hirsch number is an index that attempts to measure the impact of a published work, but like every index it can be manipulated. So is Klout an effective method of measuring online influence? From my analysis, no...

Comments  (1)


Cybercrime Does(n't?) Pay

May 14, 2012 Added by:Beau Woods

Although many studies fail at basic science, I'm hopeful that the information security industry will get better both at true academic research and at coming up with accurate metrics for the most important data. We'll get there as we mature as an industry, but it will take a while...

Comments  (0)


Compliance: To Boldly Go Where the Board Needs to Go

April 29, 2012 Added by:Thomas Fox

I was thinking about Captain Kirk and his leadership of the Enterprise in the context of issues relating to the Board of Directors' responsibility in a company’s compliance program. Kirk did not have to deal with a BOD, but he did lead from the front, and that is what a CCO must do...

Comments  (0)


Making Security Metrics That Matter

April 22, 2012 Added by:Robb Reck

The traditional role of security in the organization has been that of a cost-center to be minimized. Security’s success has historically been defined by internally developed measures. We work to create best-practice metrics that show how mature the security program is...

Comments  (2)


CIOs and Securing Data with Analytics

April 19, 2012 Added by:Bill Gerneglia

This expanding rate of potential threats calls for a new way to approach corporate data security. The latest approach is one that is based on intelligence and BI tools. Security intelligence applies advanced analytics and automation technology to the collection of information from hundreds of sources across an organization...

Comments  (1)
