Firewall Wizards mailing list archives
Re: Security Policy methodologies
From: "Marcus J. Ranum" <mjr () nfr net>
Date: Sat, 03 Jan 1998 12:07:51 -0500
Aleph One wrote:
I suggest you read John D. Howard's PhD dissertation, "An Analysis Of Security Incidents On The Internet 1989 - 1995".
the URL is: http://www.cert.org/research/JHThesis/ it's a pretty big document and indeed might serve as a cure for certain forms of insomnia. It's a bit heavy on the CERT(r)/CC viewpoint, which is understandable, but seeing the (r) gets visually tiresome. It DOES give incident and false alarm report frequencies for CERT, which is cool. Things get interesting around Chapt 7. The appendixes are interesting. mjr. -- Marcus J. Ranum, CEO, Network Flight Recorder, Inc. work - http://www.nfr.net home - http://www.clark.net/pub/mjr
Current thread:
- Re: Security Policy methodologies Rick Smith (Jan 01)
- Re: Security Policy methodologies Ted Doty (Jan 02)
- Re: Security Policy methodologies Aleph One (Jan 03)
- Re: Security Policy methodologies Marcus J. Ranum (Jan 03)
- Re: Security Policy methodologies Ted Doty (Jan 05)
- Re: Security Policy methodologies Aleph One (Jan 05)
- Re: Security Policy methodologies Ted Doty (Jan 05)
- Re: Security Policy methodologies Larry J. Hughes Jr. (Jan 06)
- Re: Security Policy methodologies Rick Smith (Jan 07)
- Re: Security Policy methodologies Ted Doty (Jan 07)
- Re: Security Policy methodologies Aleph One (Jan 03)
- Re: Security Policy methodologies Ted Doty (Jan 02)
- <Possible follow-ups>
- RE: Security Policy methodologies Rick Smith (Jan 01)
- Re: Security Policy methodologies Aleph One (Jan 03)
- Survey so far - Security Policy methodologies Bret Watson (Jan 04)
- Re: Security Policy methodologies Anton J Aylward (Jan 06)