Security Basics mailing list archives
Re: Looking For Security Metrics
From: "Charles H. Leggett" <chl () uga edu>
Date: Fri, 28 Mar 2008 08:44:49 -0400
On 03/27/2008 11:19 AM, Sheldon Malm wrote:
...
If, by metrics, you mean risk scoring and trending over time, there is little available in the public domain other than CVSS today. Vendors have their own proprietary risk metrics (nCircle has a composite score as well as CVSS built into IP360; most others use HIGH/MEDIUM/LOW), and there are countless conceptual risk frameworks (mostly academic today).
This may be one of the "conceptual risk frameworks" to which Sheldon is referring, but I am reading up on the ISECOM (http://www.isecom.org) Risk Assessment Values, or RAVs, which they use in their Open Source Security Testing Methodology Manual (OSSTMM). More information can be found here: http://www.isecom.org/research/ravs.shtml and http://www.isecom.org/osstmm/
...
--
Charles H. Leggett
EITS - Information Security
chl () uga edu