Collaborate Disseminate
Oftentimes, how organizations measure risk determines how they will prioritize investments. For IT professionals, building a set of metrics for security needs is often accompanied by feelings of anxiety, because if measurements look at the wrong data … Continue reading Measuring Security Risk vs. Success
We have discussed previously, such as in my May 18, 2020 BlogInfoSec column, some of the more challenging characteristics of data, such as those relating to value and uncertainty, which are generally not given adequate consideration. This is because th… Continue reading Cybersecurity Lessons from the Pandemic: Metrics and Decision-Making
Having discussed issues relating to the collection and reporting of COVID-19 data in Part 1, we now turn to cyberspace, even though the jury is still out regarding much of the pandemic data. Equivalent situations to those described with respect to the … Continue reading Cybersecurity Lessons from the Pandemic: Data – Part 2
Given that the average time to weaponizing a new bug is seven days, you effectively have 72 hours to harden your systems before you will see new exploits. Continue reading Mean Time to Hardening: The Next-Gen Security Metric
It is customary to begin an article on cybersecurity with some statement about the exponential growth of threats, attacks, vulnerabilities, etc. I’m no different. It seems like a reasonable, generally accepted thing to do. So, I was somewhat surp… Continue reading Are Cybersecurity Intelligence and Security Metrics Statistically Significant?
It is customary to begin an article on cybersecurity with some statement about the exponential growth of threats, attacks, vulnerabilities, etc. I’m no different. It seems like a reasonable, generally accepted thing to do. So, I was somewhat surp… Continue reading Are Cybersecurity Intelligence and Security Metrics Statistically Significant?