SEARCH RESULTS
 
Showing 1-10 of 117 records
 
Measure the effectiveness of awareness efforts

2008-04-27 08:32:03 by Editor in Adventures in Security
 
...measure the effectiveness of awareness efforts. How does a security manager know, and how can she demonstrate to senior management, that employees actually 'get it
 
 
 
 
 
Group to release uniform metrics to measure IT security

2008-09-08 00:00:00 by HASH0x8472bc8 in Network World on Security
 
The Center for Information Security (CIS) is set to release guidelines for how enterprises can measure the state of their organization's security and launch a service for companies to compare their performance with their peers
 
 
 
 
 
Group to release uniform metrics to measure IT security

2008-09-08 13:00:00 by Editor in Computerworld Security News
 
The Center for Information Security (CIS) is set to release guidelines for how enterprises can measure the state of their organization's security and launch a service for companies to compare their performance with their peers
 
 
 
 
 
Software Security Metrics and Commentary on "Metrics Framework" Paper

2007-09-17 20:41:00 by Security Retentive in Security Retentive
 
...measure and comes up with metrics that will tell us how we're doing against it The goal of metrics should be, where possible, to create objective measures of something. Whereas some of the metrics described in the paper are quite objective, others are more than a little fuzzy and I don't think represent reasonable ways to measure security ...
 
 
 
 
 
How Secure is Secure?

2008-05-08 16:46:00 by sdl in The Security Development Lifecycle
 
...measure How secure is secure is far more difficult than one might think. I'd like to share my perspective that there are two dimensions useful to consider when characterizing software security metrics: security functional requirements and security engineering quality requirements. While the SDL is focused primarily (but not exclusively) on...
 
 
 
 
 
Who should do your security audits? Or, how do you organize the security department?

2008-02-07 22:25:32 by Steve Riley in Steve Riley on Security
 
...measure the current state, compare the results against what the state should be, and show where we are out of compliance. Essentially, audits help us know that we are indeed doing what we say we're doing Audits are the natural outcomes of implementing good policies and following effective procedures. It makes no sense to spend time developing...
 
 
 
 
 
Oh No! Security Metrics!

2008-04-18 12:43:00 by sdl in The Security Development Lifecycle
 
...measure security improvement resulting from the SDL I've raised this topic before, in my blog post The First Step on the Road to More Secure Software is admitting you have a Problem. Here are two pertinent quotes from that blog post of Feb 21st Let's face it, no-one can agree on any measurement of security without getting knotted up...
 
 
 
 
 
The Checklist

2008-02-07 20:14:00 by Security Retentive in Security Retentive
 
...measurements and results As a result of this public tracking, the key doctor from the paper, Pronovost, was able pretty clearly to tell whether his process changes were having a positive or negative effect. He had lots of public data to draw from, and the incidence rate at any given hospital is large enough that we can start to make valid...
 
 
 
 
 
Measuring Vulnerability

2008-04-14 14:31:38 by JonesJ in RiskAnalys.is
...measurement scale for some threat categories (e.g., human capability Our measurements are imprecise (e.g., we can't measure force or resistance perfectly One or more of the values being measured may vary over time (e.g., hurricane wind speed varies throughout the lifetime of the storm, and strength can change throughout the lifetime of a...