Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Management
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Security Dashboard

from [Bret Watson] Network Security [Permanent Link]
Subject: Re: Security Dashboard
Date: Tue, 28 Feb 2006 17:55:43 +0800 
At 02:50 PM 24/02/2006, Fred Cohen wrote:


But in what sense does this help actually answer any important or
useful questions? Say I measure it and I find that the patch cycle
time for a computer is 5 days and the number of unpatched machines is
20% of all machines. What value does this have for me. Should it be
more? less? at what cost?

Fred has a point - I had a dashboard - or more accurately I was putting something on my CIO's dashboard indicating the status of his Audit issues. It worked because
1. We already had a management dashboard that was regularly used
2. I was already managing the data in a database
3. it is easy to generate a "traffic light" on audit issues:
red = issues missed commit date, don't have commit date or don't have owner
Yellow - you have issues, but they are managed
green no issues open

When it comes to things at the infrastructure level though - the first thing you need to get right is the process and the thresholds - else a dashboard just becomes the cool techo tool to what is really a people problem

Cheers,

Bret

[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  How do top SOX compliance software vendors cheat ?, Michael Mallon
Next by Date:  Re: Security Dashboard, Richard Sullivan
Previous by Thread:  Re: Security Dashboard, mieke . kooij
Next by Thread:  Re: Security Dashboard, Richard Sullivan
Indexes:  [Date] [Thread] [Top] [All Lists]