Premium Content

Access "New measures for security metrics: Ranum Q&A with Jay Jacobs"

Published: 29 Oct 2013

Information security metrics abound, but few reports garner the attention awarded Verizon's Data Breach Investigations Report. The 2103 DBIR, which highlighted China's alleged cyberespionage among other significant breaches, was based on data pooled from 19 organizations worldwide. Marcus Ranum had a bone to pick with one of the "top external actors" charts, fueled by a healthy skepticism he attributes to his college days in statistics class. "[T]hose lectures had the effect of making me hyper-skeptical about any large, round number that's thrown my way," he bloggedin May shortly after the report was released. Where do you see VERIS going in the future? Is this the kind of thing that could eventually become a requirement for regulated industry segments? Marcus J. Ranum, chief security officer, Tenable Security Inc. This month, Ranum digs into some of the industry issues surrounding the report with co-author Jay Jacobs, a senior data analyst on the Verizon RISK team. Exploring and visualizing data is also the topic of an upcoming book -- look for it in ... Access >>>

Access TechTarget
Premium Content for Free.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

What's Inside

Features
    • Virtualization security dynamics get old by Chris Hoff

      Companies have embraced virtualization and cloud computing, but security is still bolted-on. Here's what needs to change.

    • Eliminating black hat bargains by Robert Lemos

      Enterprises cannot always keep attackers out of their networks. Instead, defense-in-depth strategies aim to raise the cost to black hats -- in terms of time and money.

    • Beyond the Page: Virtual security by Christofer Hoff

      In the November 2013 Beyond the Page on virtual security, Chris Hoff examines the challenges infosec pros face in finding the right security strategy for their enterprise network.

    • Executive viewpoint: Mixed messages on software security by Robert Richardson, Editorial Director

      Software security ranks high among security executives' concerns but low in terms of time spent, according to an (ISC)2 CXO study.

More Premium Content Accessible For Free

  • Strategies for a successful data protection program
    data_protection_2014.png
    E-Handbook

    Deploying data protection technologies properly requires a lot of time and patience. While most firms can get started by using preconfigured policies...

  • Devices, data and how enterprise mobile management reconciles the two
    ISM_supp_1014.png
    E-Zine

    The bring your own device (BYOD) movement, which has flooded the enterprise with employee-owned smartphones, tablets, phablets and purse-sized ...

  • Putting security on auto-pilot: What works, what doesn't
    security_auto-pilot.png
    E-Handbook

    For so long penetration testing meant hiring an expert to use skill and savvy to try to infiltrate the company system. But, as with most ...