Archive for the 'Security metrics' Category

More Long Tail Security Thoughts

August 13, 2007

Judging by the blog stats, readers have been enjoying my Trends for Information Security and Long Tail of Information Security (Part 1 and Part 2) posts earlier this week. A few people have mailed me off-line asking for clarifications and suggesting ideas. Having thought about the questions raised and fired off answers (with various degrees of thought) [...]

The Long Tail of Information Security (Part 2)

August 5, 2007

My last post The Long Tail of Information Security (Part 1) described why I think information security exhibits Long Tail economic characteristics, outlined the three forces of long tail markets and discussed the first, democratization of tools for production. The intent is to provide an insight into what the future of information security may look [...]

The Long Tail of Information Security (Part 1)

August 4, 2007

 
I have just finished reading the Long Tail by Chris Anderson (editor of Wired). It is brilliant and the best book I have read in several years. It’s in the same class as Freakonomics and The Tipping Point. I highly recommend anyone who reads my blog reads the Long Tail if they haven’t already done [...]

Trends in Information Security

August 4, 2007

I found myself thinking some “big sky” thoughts about trends in information security recently. Here they are.
- The Business of Information Security
- The Internet Economy
- Governance, Risk and Compliance
- The Hunt for the Information Security Bullet is Ending
- The Whole Solution Movement
- Convergence and Integration
- The World is Flattening
The Business of Information Security
As the new breed [...]

Information Security Metrics Dashboard Example - People Productivity

July 12, 2007

I am in London with my friend Andreas Fuchsberger. He jokingly showed me his information security personal productivity metric dashboard for the last year hanging on his door!
 

Vulnerability Auctions

July 6, 2007

The choice for selling zero days just got better. WabiSabiLabi are now offering an auction system for security researchers to get the best possible price for their work. The BBC story is here.

Security Metrics - GCSH

July 3, 2007

I am not religious (see below) but if I were I would be a Buddhist. The concepts, teachings, ideas are all very interesting to me and the Art of Happiness certainly changed my life completely. Note to self: read it more often to condition yourself! It’s fair to say I am fascinated by Buddhism and plan [...]

55% of Application Security Vulnerabilities are Missed By Tools

June 28, 2007

Jeff Williams took over running OWASP from me way back when. Not only is he a nice bloke, nearly 7 feet tall and has done a superb job with OWASP, but he’s super smart as well. I was sent some slides he was using to promote OWASP.
https://www.owasp.org/images/a/ad/OWASP_Overview_Spring_2007.ppt
Slide 4 is shown below and caught my eye. [...]

The Tim O’Reilly Book Publishing Metrics Executive Dashboard

June 25, 2007

I like dashboards; more importantly, I love the potential for information security management in them. The O’Reilly Information Dashboard Design book is simply superb and so I was intrigued when I saw this example come across the Dashboard Spy this weekend.
I have a nice little collection of security dashboards I will publish soon. Let me re-phrase that; I [...]

Information Security Metrics Dashboard

March 14, 2007

http://www.enterprise-dashboard.com/2007/03/14/information-security-metrics-dashboard-a-rare-insider-glimpse-into-threat-management-levels/
While it’s good to see this stuff being collected and used I don’t think Tufte would be smiling!