Network Security: Detailed info on Re: Is there any way to measure IT Security??

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Security-Management

[Top] [All Lists]

Re: Is there any way to measure IT Security??

from [Andrew Stewart] Network Security

[Permanent Link]

Subject:	Re: Is there any way to measure IT Security??
Date:	Sat, 13 Aug 2005 16:21:00 -0400


On Jul 28, 2005, at 7:56 PM, Fernando Martins wrote:

The technique must be risk analysis, considering the actual risks, vulnerabilities and loss costs estimation. If you want to measure, you must reduce everything to numbers. Start with the loss costs for your confidentiality, integrity and availability... Identify the vulnerabilities and the probability of a specific accident ... Define levels of security and the types of possible enemies ... At the end you will get 2/3 charts that have the measure of your security ...


You are suggesting that it is possible to identify:

1) The costs associated with a future breach (including the effect on intangible assets such as customer goodwill). 2) The true picture of vulnerability within an environment. 3) The probability that an attack will occur.

And, 4)  A way to map those metrics to the CIA triad.

I'm interested to know how, exactly.

- A

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
RE: Is there any way to measure IT Security??, Bohoudi, S. - Salah - RE: Is there any way to measure IT Security??, Craig Wright Re: Is there any way to measure IT Security??, Larry Marin (Irony Account) RE: Is there any way to measure IT Security??, Jose Varghese Re: Is there any way to measure IT Security??, Alberto Cardona II RE: Is there any way to measure IT Security??, Balachendran, Thamilarasu SITI-ITIBHW Fw: Is there any way to measure IT Security??, Fernando Martins Re: Is there any way to measure IT Security??, Andrew Stewart <= Re: Is there any way to measure IT Security??, Fernando Martins Re: Is there any way to measure IT Security??, Andrew Stewart Re: Is there any way to measure IT Security??, Gary Everekyan Re: Is there any way to measure IT Security??, John Alexander RE: Is there any way to measure IT Security??, Marriott, Bill (US - Dallas) Message not available RE: Is there any way to measure IT Security??, Alexandre Paradis RE: Is there any way to measure IT Security??, Newcomb, Kelly RE: Is there any way to measure IT Security??, shankarnarayan . d Re: Is there any way to measure IT Security??, Richard . Sullivan RE: Is there any way to measure IT Security??, prasanna.mukundan

Previous by Date:	defining change control severity, Laurin Buchanan
Next by Date:	Re: Is there any way to measure IT Security??, Fernando Martins
Previous by Thread:	Fw: Is there any way to measure IT Security??, Fernando Martins
Next by Thread:	Re: Is there any way to measure IT Security??, Fernando Martins
Indexes:	[Date] [Thread] [Top] [All Lists]