SecurityRatty :: tag: measure
Featured Articles :: Measure the effectiveness of awareness efforts :: Software Security Metrics and Commentary on "Metrics Framework" Paper :: How Secure is Secure? :: Who should do your security audits? Or, how do you organize the security department? :: Oh No! Security Metrics! :: The Checklist :: Measuring Vulnerability :: Cost/Benefit Analysis of Airline Security :: Network Solutions Frontrunning And Tasting, Version 1.1 :: Network Solutions Frontrunning and Tasting, Version 1.1
...measure the effectiveness of awareness efforts. How does a security manager know, and how can she demonstrate to senior management, that employees actually 'get it
...measure and comes up with metrics that will tell us how we're doing against it
The goal of metrics should be, where possible, to create objective measures of something. Whereas some of the metrics described in the paper are quite objective, others are more than a little fuzzy and I don't think represent reasonable ways to measure security
...
...measure How secure is secure is far more difficult than one might think. I'd like to share my perspective that there are two dimensions useful to consider when characterizing software security metrics: security functional requirements and security engineering quality requirements. While the SDL is focused primarily (but not exclusively) on...
...measure the current state, compare the results against what the state should be, and show where we are out of compliance. Essentially, audits help us know that we are indeed doing what we say we're doing
Audits are the natural outcomes of implementing good policies and following effective procedures. It makes no sense to spend time developing...
...measure security improvement resulting from the SDL
I've raised this topic before, in my blog post The First Step on the Road to More Secure Software is admitting you have a Problem. Here are two pertinent quotes from that blog post of Feb 21st
Let's face it, no-one can agree on any measurement of security without getting knotted up...
...measurements and results
As a result of this public tracking, the key doctor from the paper, Pronovost, was able pretty clearly to tell whether his process changes were having a positive or negative effect. He had lots of public data to draw from, and the incidence rate at any given hospital is large enough that we can start to make valid...
...measurement scale for some threat categories (e.g., human capability
Our measurements are imprecise (e.g., we can't measure force or resistance perfectly
One or more of the values being measured may vary over time (e.g., hurricane wind speed varies throughout the lifetime of the storm, and strength can change throughout the lifetime of a...
...measures" by Mark Stewart and John Mueller, is excellent reading: The United States Office of Management and Budget has recommended the use of cost-benefit assessment for all proposed federal regulations. Since 9/11 government agencies in Australia, United States, Canada, Europe and elsewhere have devoted much effort and expenditure to...
...measure. I want to update you on some of the improvements we are implementing in the near term
We have changed the current webpage to which reserved domain names resolve to a general under construction page. Additionally, all new reserved names after tonight will not resolve to any page at all
This week, we will be making enhancements that...