Security Basics mailing list archives
RE: Looking For Security Metrics
From: "Sheldon Malm" <smalm () ncircle com>
Date: Thu, 27 Mar 2008 08:19:25 -0700
David: it's important to define what you mean by "metrics". If you're talking about an enumerated list of things to cover, then CIS, NIST, and the collective works of MITRE (particularly CCE and CVE) are a great place to start.

If, by metrics, you mean risk scoring and trending over time, there is little available in the public domain other than CVSS today. Vendors have their own proprietary risk metrics (nCircle has a composite score as well as CVSS built into IP360; most others use HIGH/MEDIUM/LOW), and there are countless conceptual risk frameworks (mostly academic today).

I suspect that you mean a checklist/guideline to follow, in which case CIS and/or MITRE are great places to start.

Sheldon Malm
Director
Security Research & Development
nCircle Network Security

Check out the VERT daily post
http://blog.ncircle.com/vert

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Murda Mcloud
Sent: Tuesday, March 25, 2008 7:18 PM
To: jmacaranas () fxdd com; security-basics () lists securityfocus com
Subject: RE: Looking For Security Metrics

How about looking at NIST for their checklists or CIS? Maybe SANS have something specific for the platform/app you're using. Is it like Sharepoint?

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of jmacaranas () fxdd com
Sent: Wednesday, March 26, 2008 4:56 AM
To: david.durcsak () verizon net; security-basics () lists securityfocus com
Subject: RE: Looking For Security Metrics

openACS?

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of david.durcsak () verizon net
Sent: Tuesday, March 25, 2008 1:27 PM
To: security-basics () lists securityfocus com
Subject: Looking For Security Metrics

To all:

We are running a web-based document sharing and collaborative environment and don't have the security expertise/time in house to develop a set of security metrics. My thoughts right now are if someone had a list that they could share, we could use those as a starting point for understanding what we need to do.

Any help would be appreciated.

Cheers
Dave
Current thread:
- Looking For Security Metrics david.durcsak (Mar 25)
- RE: Looking For Security Metrics jmacaranas (Mar 25)
- RE: Looking For Security Metrics Murda Mcloud (Mar 27)
- RE: Looking For Security Metrics Sheldon Malm (Mar 27)
- RE: Looking For Security Metrics David Gillett (Mar 27)
- RE: Looking For Security Metrics Murda Mcloud (Mar 28)
- Re: Looking For Security Metrics Charles H. Leggett (Mar 28)
- RE: Looking For Security Metrics Murda Mcloud (Mar 27)
- RE: Looking For Security Metrics jmacaranas (Mar 25)