Premium Content

Access "Researcher Puts Quantitative Measurement on Information Security Threats"

Published: 20 Oct 2012

A power company's security researchers shed new light on prioritizing threats though quantitative analysis. Microsoft and Oracle are generous enough to regularly provide severity ratings on vulnerabilities. And automated vulnerability assessment, configuration and patch management tools have made flaw-fixing run of the mill. That's a good thing. But we're all resource-strapped, right? And we know those severity ratings aren't universal. My critical flaw is your moderate it-can-wait-until-next-month bug. Can you afford to solely rely on a generic vulnerability scanner to prioritize how your security organization patches systems? Maybe it makes sense to concentrate more on the threat portion of the risk equation (you know the one: risk = asset value * vulnerability * threat). What if you could put a quantitative score on threats specific to your environment? What if those scores were based on relevant intelligence from law enforcement and some of the best minds in security? Well, in another testament to the notion that some of the brightest security research ... Access >>>

Access TechTarget
Premium Content for Free.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

What's Inside


More Premium Content Accessible For Free