Firewall Wizards mailing list archives

RE: Managed Security Metrics

From: Bob.Eichler () ual com
Date: Mon, 5 Mar 2001 10:30:22 -0600

Aside of the techie number collection, you need to get guarantees from
the vendors that they are going to maintain their OS / security patches
on a regular basis. That is the first thing I'd put in an SLA: the
patches will be reviewed / loaded every xx days. Vendors are typically
very sloppy about this. Sad to say, once they have your contract, this
becomes so much overhead they would just as soon not absorb if they can
help it.
After that I'd get into the type of metrics you discuss below. Just my
$.02 from a previous bad experience...

   ----------
   From:       msmith
   Sent:       Monday, March 05, 2001 8:37 AM
   To:         firewall-wizards
   Cc:         msmith
   Subject:    [fw-wiz] Managed Security Metrics
   
   What security metrics should I be looking for in a service level
   agreement
   from a managed security service provider?  Traditional service level
   agreements cover things like performance (throughput) and
   availability.  If
   I have an outsourcer manage my firewall, what kinds of service
   targets
   should I insist on?
   
   I wouldn't think there'd be any point to counting blocked attacks (as
   a
   service metric).  I certainly want to know how many attacks got
   through, but
   is that a metric for which I can usefully set a target (e.g., no more
   than 0
   successful attacks per month)?
   
   If the service provider manages my firewall plus other devices, like
   VPNs,
   IDSes, etc., can  we or should we set different types of targets for
   each
   device/service?  Or should there be some global security metrics that
   apply
   across the entire service?  I'd like to know how much of my bandwidth
   I'm
   giving up to the security provider's data streams, but that doesn't
   tell me
   how secure I am.
   
   Related to this, I recently listened to a Meta audio briefing
   (http://www.metagroup.com/metaview/mv0314/mv0314.html) that suggested
   some
   useful security metrics (aimed more at internal security operations)
   included things like password reset requests, time to create or
   delete user
   accounts, etc.  Would these work for measuring an external service
   provider?
   
   J. Michael Smith
   
   
   _______________________________________________
   firewall-wizards mailing list
   firewall-wizards () nfr com
   http://www.nfr.com/mailman/listinfo/firewall-wizards
   
   
   
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards

Current thread:

Managed Security Metrics Mike Smith (Mar 05)
- Re: Managed Security Metrics R. DuFresne (Mar 05)
- Re: Managed Security Metrics shawn . moyer (Mar 05)
  - Re: Managed Security Metrics R. DuFresne (Mar 06)
  - Message not available
    - Re: Managed Security Metrics Marcus J. Ranum (Mar 06)
- IP Spoofing and counter measures Tib (Mar 09)
  - Re: IP Spoofing and counter measures Ryan Russell (Mar 11)
- <Possible follow-ups>
- RE: Managed Security Metrics Bob . Eichler (Mar 05)
- RE: Managed Security Metrics Mike Smith (Mar 05)
  - Re: Managed Security Metrics Adam Shostack (Mar 06)
  - RE: Managed Security Metrics R. DuFresne (Mar 06)
    - Re: Managed Security Metrics shawn . moyer (Mar 06)
- RE: Managed Security Metrics Mike Smith (Mar 06)
  - Re: Managed Security Metrics Adam Shostack (Mar 09)
  - RE: Managed Security Metrics R. DuFresne (Mar 09)
- RE: Managed Security Metrics Crumrine, Gary L (Mar 07)
- Re: Managed Security Metrics Jack McCarthy (Mar 07)