Ranum Q&A: How to make the grade in information security metrics
This article is part of the July / August 2014 Vol. 16 / No. 6 issue of Information Security magazine
How do you measure the effectiveness of your security program? Marcus Ranum uncovers how one Ivy League school uses information security metrics to improve and automate its processes in this Q&A with Joel Rosenblatt, the director of computer and network security at Columbia University's Information Security Office. A Columbia alumnus, Rosenblatt has tapped the keyboards at the New York institution on the Upper West Side of Manhattan since 1973, first as an engineering student, then as a mainframe systems programmer and manager. Rosenblatt got hooked on security metrics (and nailing the "bad guys") when he was asked to build the university's security program in 2000. He used security measurements to enhance a range of projects from identity management to asset protection. All that data has paid off. Information security metrics have provided concrete measurements to justify automated processes that monitor networks and systems, and even take care of compliance issues related to online copyright infringement.

I've known you for, ...
Features in this issue
Big data offers horizontal scalability, but how do you get your database security to scale along with it?
Immature products and a lack of standardization raise critical questions about first-party risk and third-party liability.
FedRAMP raises the bar for security among applicable cloud providers, but can it influence broader cloud computing contracts and standards?
This Beyond the Page examines how some enterprises are protecting their big-data ecosystems with encryption, security data analysis and visualization.
Columns in this issue
Security deserves a seat at the risk management table.
Marcus Ranum chats with Columbia University's Joel Rosenblatt to learn how "apples to apples" comparisons helped automate critical security processes.
Threat intelligence feeds help you prioritize signals from internal systems against unknown threats. Security intelligence takes it a step further.