Educause Security Discussion mailing list archives

Re: Security Metrics


From: Mike Lococo <mike.lococo () NYU EDU>
Date: Mon, 5 Nov 2007 11:08:31 -0500

http://www.amazon.com/Security-Metrics-Replacing-Uncertainty-Doubt/dp/0321349989

Has anyone read this? Any interesting reviews?

Richard Bejtlich of Network Security Monitoring fame has a very positive
review on Amazon.com, and has also been doing a moderately interesting
series of posts at his website taosecurity.com.  Link to Amazon review:

http://www.amazon.com/review/R2MKJYGLYTZKEJ

I think Jaquith makes a bit too much of the "you can't improve what
you can't measure" mantra...

I might rephrase this as "You can't know you're making an improvement
unless you're measuring performance".  It's not surprising that Bejtlich
signs on to such a premise, since it's a very logical extension of the
NSM mantra that you can't defend a network you don't understand.

Thanks,
Mike Lococo
