10 Tips for Getting Started With Security Metrics

By Joe Gottlieb
It’s becoming evident that security practitioners have to take on a metrics mentality to improve security operations, reduce risks and better inform their critical decisions. There are several steps an organization can take to ensure that it is on the right path. There are some must-haves that need to be in place, or at least discussed, in order for a security metrics initiative to have any chance of success:

Security Metrics Go Prime Time at Metricon 6

The metrics movement that has been slowly but surely infiltrating the security community in the last few years has had its own annual gathering, Metricon, for some time now. It’s been a small, quasi-academic conference since its inception, but now Metricon’s organizers are branching out a bit, bringing in some speakers and content that are outside the norm and appealing to a broader audience.

By David Mortman
I spent some time earlier this week at mini-metricon, a workshop that was inspired by the success of Andrew Jaquith’s security metrics mailing list and the larger Metricon which is held each year in conjunction with the USENIX Security Conference. In essence, members of the mailing list gather each year on the Monday before RSA and share what they are doing with regards to security metrics within their organizations.

Microsoft on Wednesday plans to launch a new research effort to determine the total cost of the patch-management cycle, from testing and distributing a fix to user deployment of the patch. The end result of the project, which will be completely open and transparent to outsiders, will be a full metrics model that the company plans to make freely available.
