Old Presentation on Security Metrics 2005
This is my old presentation on Security Metrics 2005

© All Rights Reserved

Old Presentation on Security Metrics 2005 Presentation Transcript

  • 1.
    • Metrics: Optimizing Security Operations Performance
    • Dr Anton Chuvakin
    • Chief Security Strategist
    • November 2005
  • 2. WARNING!
    • This is an old presentation; I am publishing it in the hopes that it will be useful for somebody.
    • I do not necessarily share all the views I held back in 2005!
    • And I ramble less now 
  • 3. Agenda
    • Catalysts for security performance metrics
    • Why security metrics are essential
    • Types of metrics and what to measure
    • Challenges surrounding metrics
    • The metrics lifecycle
  • 4. Catalysts For Security Performance Metrics
    • Enterprise compliance and governance initiatives
    • Need to manage security as a strategic business process
    • Pressure to demonstrate the efficiency of security technology and related efforts
  • 5. Managing Information Security Strategically
    • Compliance has shifted mindset from devices to process
    • Focus on continuous optimization
      • Conduct security assessment
      • Define policies, process, metrics, and baselines
      • Collect data; measure results against baselines over time
      • Identify process and policy weaknesses
      • Refine policy, process, and metrics
  • 6. Creating a Culture of Measurement: Recommendations
    • Define security policies and relevant metrics via security assessment
    • Capture all relevant security operational data
    • Generate reports off the data to measure success and identify performance gaps
    • Integrate security performance management data with enterprise compliance & governance initiatives
  • 7. Why Security Metrics?
    • You need to know if…
    • your security strategies are successful
    • you require more resources
    • there are inefficiencies
    • you are compliant
    “You can’t manage what you can’t measure”
  • 8. Types of Metrics
    • Technical
      • e.g.: Percentage of systems with virus protection
    • Process
      • e.g.: Average virus incident resolution time
    • Risk
      • e.g.: Risk of viruses for a specific business unit
    • Cost
      • e.g.: Average cost of virus incident
  • 9. Criteria for Good Metrics
    • When determining the metrics that you will track, be SMART…
    • Specific
    • Measurable
    • Attainable
    • Repeatable
    • Time-dependent
    • And… your results need to be ACTIONABLE!
  • 10. Metrics and Baselines
    • Baselines are metrics that are compared to aggregated information about the past
    • Common baselines
      • Yesterday (“NASDAQ is up by a 100”)
      • Average (“This took us 3 more time than the average case”)
      • Maximum (“The traffic is spiking 300% over the maximum!”)
    • Baselines enjoy the ease of interpretation!
    What is the difference?
  • 11. Perceived Effectiveness of Metrics (Source: CSO Magazine, 2005)
  • 12. Key Challenges with Security Metrics
    • “Let’s make up some metrics…”
      • Metrics must be based on policy to be effective
    • Where is the data?
      • Difficulties in acquiring raw data for measurement
    • So many metrics, so little time…
      • Which indicators should we compute and use?
    • What does it mean?
      • Interpreting the changes in measured parameters
    • “Go back and try it again!!!”
      • Challenges with presenting metrics to executives
    • What do we do now?
      • Defining actions and remediation planning
  • 13. Future of Security Metrics
    • “Information Security Management Metrics and Measurement” (ISO 27004) in 2007-2009
    • Increased adoption of NIST 800-55
    • Legal and compliance drivers for standard metrics
    • Growth of “best practices”-based metrics
    • Convergence of security vendor metrics
    • More automation of metrics
    Metrics and Crystal Ball Gazing Don’t Mix, but…
  • 14. Conclusion
    • Security needs to be managed as a strategic business process (bla-bla-bla)
    • Enterprise compliance and governance initiatives are driving security performance metrics
    • Establishing a security metrics program is essential to determining if
      • your security strategies are successful
      • you are compliant
    • In the future metrics will be based on standards
  • 15. Thanks for Viewing
    • Dr Anton Chuvakin
    • http://www.chuvakin.org
    • Also see my blog at www.securitywarrior.org
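
An added example, not part of the original slides: the baseline comparison from slide 10 (yesterday, average, maximum) applied to the process metric from slide 8, average virus incident resolution time. The incident records are constructed sample data, and the 50% threshold in `actionable` is a hypothetical policy value.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean

# Constructed sample data: (incident id, opened, resolved) for virus incidents.
INCIDENTS = [
    ("V-1", "2005-11-01 09:00", "2005-11-01 11:00"),
    ("V-2", "2005-11-01 13:00", "2005-11-01 17:00"),
    ("V-3", "2005-11-02 08:00", "2005-11-02 10:00"),
    ("V-4", "2005-11-03 10:00", "2005-11-03 15:00"),
    ("V-5", "2005-11-03 12:00", "2005-11-03 13:00"),
    ("V-6", "2005-11-04 09:00", "2005-11-04 18:00"),
    ("V-7", "2005-11-04 10:00", "2005-11-04 19:00"),
]
FMT = "%Y-%m-%d %H:%M"

def daily_resolution_hours(incidents):
    """Process metric: average resolution time in hours, grouped by day opened."""
    per_day = defaultdict(list)
    for _id, opened, resolved in incidents:
        start = datetime.strptime(opened, FMT)
        end = datetime.strptime(resolved, FMT)
        per_day[start.date().isoformat()].append((end - start).total_seconds() / 3600)
    # ISO dates sort chronologically, so the last key is the most recent day.
    return {day: mean(hours) for day, hours in sorted(per_day.items())}

def compare_to_baselines(series):
    """Percent change of the latest value against yesterday, average and maximum."""
    days = list(series)
    if len(days) < 2:
        raise ValueError("need at least one past day to form a baseline")
    current = series[days[-1]]
    past = [series[d] for d in days[:-1]]
    baselines = {"yesterday": past[-1], "average": mean(past), "maximum": max(past)}
    return {
        name: round((current - base) / base * 100, 1)
        for name, base in baselines.items()
        if base > 0  # a zero baseline has no meaningful percent change
    }

def actionable(deltas, threshold_pct=50.0):
    """Hypothetical rule: flag when the metric exceeds the past maximum by the threshold."""
    return deltas.get("maximum", 0.0) > threshold_pct

if __name__ == "__main__":
    series = daily_resolution_hours(INCIDENTS)
    deltas = compare_to_baselines(series)
    print(series, deltas, "ACTIONABLE" if actionable(deltas) else "within baseline")
```
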