Georges,
You might look at:
http://csrc.nist.gov/publications/nistpubs/800-55/sp800-55.pdf
Also, I realize that it requires a annual membership
fee, but the Information Risk Executive Council (IREC)
has a great metrics methodology
(https://www.irec.executiveboard.com).
Some of the typical manually generated security
metrics that I've seen are things like:
Patch cycle times vs. unpatched machines (from SUS or
automated patch tools, manual patch application and
monitoring, etc)
Phishing, SPAM content blocked at SMTP gateways
Helpdesk calls- virus cases, password resets, static
token requests
Vulnerabilities over time (Qualysguard, Foundscan,
IP360, Nessus, consulting reports, etc)
Security policy compliance (ISO17799)
Typically, this information gets sent up the chain to
various IT Executives such as CIOs, CTOs, CISOs, Audit
Directors, and/or corporate governing bodies.
Regards,
Steve
--- horizons nouveaux <horizonsnouveaux@hotmail.com>
wrote:
hi,
Most of you answered me with technology solution. At
that time i'm more
involved in the security dashboard land meaning
which kind of information i
will provide to who (security manager, auditor,
compliance officer,...).
Does someone spend sometime on that aspect?
georges.
Symantec has a product called Information Assurance
Dashboard (IAD)... it does the same thing-
correlates
log data and can give executive management logins
to
the tool and/or reports with colored graphs and
charts.
I have been using e-security to get something
similar.
Georges,
try www.ca.com
they have a product called e-trust audit and
security command center.
With that in place you can centralize logs
from
diff. platforms.
And then you can use security command center
to
create bussines driven
views for high level managment.
Regards,
Hector.
"horizons nouveaux"
<horizonsnouveaux@hotmail.com>
To:
security-management@securityfocus.com,
loganalysis@securityfocus.com
cc:
Monday February 13, 2006 04:46
a.m.
Subject: Security
Dashboard
Guys,
I'm working on a study regarding dashboard
implementation accross company.
I'm working on two different levels:
- For security operations, i investigate how
to
control change management
and incident handling from all logs our
environnement produce.
- For security management - which consolidate
information we can provide.
If you have pragmatic informations,
documentstaions or samples i will be
pleased to exchange idea with you.
I need to present that to system engineer,
security operators,... So i need
to include their concerns.
kr
georges
_________________________________________________________________
Express yourself instantly with MSN Messenger!
Download today it's FREE!
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
_________________________________________________________________
Express yourself instantly with MSN Messenger!
Download today it's FREE!
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
