Metrics That Don’t Suck: A New Way To Measure Security Effectiveness

How does your organization measure and report its security posture and performance? Do you have spreadsheets that show how many vulnerabilities you found last month, or how many viruses your AV system stopped? Those numbers might pacify your management, but any security pro can tell you that they are no way to benchmark the real work you do – or how much danger your enterprise might be in.

Maybe the problem is that we’re all trying to use the data we already have – host metrics, network metrics, applications data – instead of building the data we actually need. We need metrics that show the current range of threats, and the enterprise’s exposure. We need data that shows whether our security tools and programs are actually working or not. We need methods for demonstrating that our security teams are performing well – not only this month, but over a period of time.

In this thought-provoking presentation, we’ll describe methods for building an enterprise security metrics program that’s completely different from the current, sucky model of counting vulnerabilities or numbers of patches applied. We’ll outline methods for monitoring the threat landscape, and your organization’s exposure. We’ll offer some best practices for measuring the effectiveness of current security tools and systems. Best of all, we’ll outline a way to build a maturity model for security, so that you can show your security team’s performance on a month-to-month basis, and demonstrate its continuing improvement over time.

Want to stop reporting a bunch of crap and start building a real set of data that accurately measures your organization’s risk and its effectiveness in controlling it? Want to learn how to integrate security data across hosts, networks, and applications? Want your performance – and your company’s security posture – to be monitored using metrics that don’t suck? Here’s a chance to look at the picture from a whole new angle.
Recorded Feb 28 2012 60 mins
Presented by
Dr. Mike Lloyd
Presentations from the BSides Events and Beyond

  • Title: Metrics That Don’t Suck: A New Way To Measure Security Effectiveness
  • Live at: Feb 28 2012 12:00 am
  • Presented by: Dr. Mike Lloyd