Tom Bowers, Technical Editor, Information Security magazine, presented this session at Information Security Decisions

    Requires Free Membership to View

Fall 2005.


Most discussions of security metrics focus on abstract theory -- how to measure security using complex equations that are only practical in a "perfect" world. This session takes the opposite tack, honing in on real-world methods for developing security metrics given the technical and cultural constraints within the modern organization. Tom Bowers, manager of information security operations at a large pharmaceutical company and technical editor for Information Security, offers insight into metrics that work for his company and other organizations he's familiar with. Tom details current, real-world projects and explains how he and his fellow security practitioners demonstrated value to the business units, as well as the CFO and CIO, without expensive, time-consuming academic formulas.

Download this presentation and learn:

  • The theories for generating metrics and if they apply to security
  • Where to find measurable security statistics
  • Practical low/no cost tools available
  • Tips on presenting the business value where ROI is difficult to justify
  • How to leverage security events occurring outside your company in your presentation

Download this presentation


This was first published in October 2005

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.