PRO+ Premium Content/Information Security magazine

Thank you for joining!
Access your Pro+ Content below.
March 2008

Researcher Puts Quantitative Measurement on Information Security Threats

A power company's security researchers shed new light on prioritizing threats though quantitative analysis. Microsoft and Oracle are generous enough to regularly provide severity ratings on vulnerabilities. And automated vulnerability assessment, configuration and patch management tools have made flaw-fixing run of the mill. That's a good thing. But we're all resource-strapped, right? And we know those severity ratings aren't universal. My critical flaw is your moderate it-can-wait-until-next-month bug. Can you afford to solely rely on a generic vulnerability scanner to prioritize how your security organization patches systems? Maybe it makes sense to concentrate more on the threat portion of the risk equation (you know the one: risk = asset value * vulnerability * threat). What if you could put a quantitative score on threats specific to your environment? What if those scores were based on relevant intelligence from law enforcement and some of the best minds in security? Well, in another testament to the notion that some of the...

Access this PRO+ Content for Free!

By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.

You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

Features in this issue

  • Comparative Product Review: Six Web Application Firewalls

    No longer can security managers focus only on perimeter and host security. The application has become the prime target for hackers. We review six leading Web application firewalls from Barracuda, Bee Ware, Breach Security, Citrix, F5 and Imperva that help deliver your critical apps securely.

Columns in this issue