Firewall Wizards mailing list archives
RE: Managed Security Metrics
From: Bob.Eichler () ual com
Date: Mon, 5 Mar 2001 10:30:22 -0600
Aside of the techie number collection, you need to get guarantees from the vendors that they are going to maintain their OS / security patches on a regular basis. That is the first thing I'd put in an SLA: the patches will be reviewed / loaded every xx days. Vendors are typically very sloppy about this. Sad to say, once they have your contract, this becomes so much overhead they would just as soon not absorb if they can help it. After that I'd get into the type of metrics you discuss below. Just my $.02 from a previous bad experience... ---------- From: msmith Sent: Monday, March 05, 2001 8:37 AM To: firewall-wizards Cc: msmith Subject: [fw-wiz] Managed Security Metrics What security metrics should I be looking for in a service level agreement from a managed security service provider? Traditional service level agreements cover things like performance (throughput) and availability. If I have an outsourcer manage my firewall, what kinds of service targets should I insist on? I wouldn't think there'd be any point to counting blocked attacks (as a service metric). I certainly want to know how many attacks got through, but is that a metric for which I can usefully set a target (e.g., no more than 0 successful attacks per month)? If the service provider manages my firewall plus other devices, like VPNs, IDSes, etc., can we or should we set different types of targets for each device/service? Or should there be some global security metrics that apply across the entire service? I'd like to know how much of my bandwidth I'm giving up to the security provider's data streams, but that doesn't tell me how secure I am. Related to this, I recently listened to a Meta audio briefing (http://www.metagroup.com/metaview/mv0314/mv0314.html) that suggested some useful security metrics (aimed more at internal security operations) included things like password reset requests, time to create or delete user accounts, etc. Would these work for measuring an external service provider? J. Michael Smith _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://www.nfr.com/mailman/listinfo/firewall-wizards _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://www.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- Managed Security Metrics Mike Smith (Mar 05)
- Re: Managed Security Metrics R. DuFresne (Mar 05)
- Re: Managed Security Metrics shawn . moyer (Mar 05)
- Re: Managed Security Metrics R. DuFresne (Mar 06)
- Message not available
- Re: Managed Security Metrics Marcus J. Ranum (Mar 06)
- IP Spoofing and counter measures Tib (Mar 09)
- Re: IP Spoofing and counter measures Ryan Russell (Mar 11)
- <Possible follow-ups>
- RE: Managed Security Metrics Bob . Eichler (Mar 05)
- RE: Managed Security Metrics Mike Smith (Mar 05)
- Re: Managed Security Metrics Adam Shostack (Mar 06)
- RE: Managed Security Metrics R. DuFresne (Mar 06)
- Re: Managed Security Metrics shawn . moyer (Mar 06)
- RE: Managed Security Metrics Mike Smith (Mar 06)
- Re: Managed Security Metrics Adam Shostack (Mar 09)
- RE: Managed Security Metrics R. DuFresne (Mar 09)
- RE: Managed Security Metrics Crumrine, Gary L (Mar 07)
- Re: Managed Security Metrics Jack McCarthy (Mar 07)