Security Basics mailing list archives
Re: Tools to collect and manage security metrics
From: Todd Haverkos <infosec () haverkos com>
Date: Mon, 19 Dec 2011 14:29:10 -0600
sfmailsbm () gmail com writes:
Hi All, One of the challenges in managing IT security is metrics. With appropriate metrics you can show through dashboards what your security posture is and how it is evolving. This is particularly helpful if you want to show your management how an investment in security is bringing 'concrete' results. However, collecting, analysing, processing metrics can be very tedious and each organisation has its own needs. Would the forum have any ideas about open source or commercial tools that can help get started with security metrics? Any help will be greatly appreciated.
I'd be happy to give a +1 to Tenable Security Center on this front for giving some very flexible metrics, dashboards and remediation workflow for vulnerability management. Security Center leverages Nessus for vulnerability scanning, and is also a platform where log correlation and passive vulnerability information taken off the network can all contribute to dashboards, automatic reports and generally lots of useful goodies to keep driving a company's patch and update posture toward maturity. It's always satisfying watching those vulnerability trend graphs trend downwards after you invariably uncover systems people have forgotten about, or software people didn't know they really needed to be patching.

http://www.tenable.com/products

It's a commercial tool and licensed based on IP count. One of the nice things about it in a segmented environment is that once you pay for Security Center, you can spin up as many Nessus instances as you want at no additional charge. I have no affiliation with them other than as a rather happy user.

If you have a bigger picture metrics issue to solve that looks at risk from a higher level perspective, then Governance Risk and Compliance tools (GRC) like Archer may be something you want to look into.

Best Regards,
--
Todd Haverkos, LPT MsCompE
http://haverkos.com/