Firewall Wizards mailing list archives

Re: Managed Security Metrics


From: Adam Shostack <adam () homeport org>
Date: Mon, 5 Mar 2001 18:00:45 -0500

I think that there are a lot of process issues which are not easily
quantified.  For example, I want to know that an account will be shut
off within 5 minutes of a lost token report, but more than that I want 
them to go through a list of accounts quarterly to ensure that there
is a known, employed user using the account.

I'd like to see log monitoring, a guaranteed response time to
certain classes of events, e.g., any user not on a shortlist becoming
root leads to a phone call that connects with my escalation tree
inside of 15 minutes.

Perhaps you can make the question more specific: What are you trying
to protect?  What is the service selling you?  Is it "firewall and in, 
end-to-end security?"  Is it firewall log monitoring?

Adam


On Mon, Mar 05, 2001 at 01:37:10PM -0500, Mike Smith wrote:
| So I'm back to asking, what are suitable, measurable criteria for judging
| the quality of my security service provider's performance?
| 
| Mike Smith

-- 
"It is seldom that liberty of any kind is lost all at once."
                                                       -Hume


_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards

