Firewall Wizards mailing list archives
Re: Managed Security Metrics
From: Adam Shostack <adam () homeport org>
Date: Mon, 5 Mar 2001 18:00:45 -0500
I think that theres a lot of process issues which are not easily quantified. For example, I want to know that an account will be shut off within 5 minutes of a lost token report, but more than that I want them to go through a list of accounts quarterly to ensure that there is a known, employed user using the account. I'd like to see log monitoring, a guaranteed response time to certain classes of events eg, any user not on a shortlist becoming root leads to a phone call that connects with my escalation tree inside of 15 minutes. Perhaps you can make the question more specific: What are you trying to protect? What is the service selling you? Is it "firewall and in, end-to-end security?" Is it firewall log monitoring? Adam On Mon, Mar 05, 2001 at 01:37:10PM -0500, Mike Smith wrote: | So I'm back to asking, what are suitable, measurable criteria for judging | the quality of my security service provider's performance? | | Mike Smith -- "It is seldom that liberty of any kind is lost all at once." -Hume _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://www.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- Managed Security Metrics Mike Smith (Mar 05)
- Re: Managed Security Metrics R. DuFresne (Mar 05)
- Re: Managed Security Metrics shawn . moyer (Mar 05)
- Re: Managed Security Metrics R. DuFresne (Mar 06)
- Message not available
- Re: Managed Security Metrics Marcus J. Ranum (Mar 06)
- IP Spoofing and counter measures Tib (Mar 09)
- Re: IP Spoofing and counter measures Ryan Russell (Mar 11)
- <Possible follow-ups>
- RE: Managed Security Metrics Bob . Eichler (Mar 05)
- RE: Managed Security Metrics Mike Smith (Mar 05)
- Re: Managed Security Metrics Adam Shostack (Mar 06)
- RE: Managed Security Metrics R. DuFresne (Mar 06)
- Re: Managed Security Metrics shawn . moyer (Mar 06)
- RE: Managed Security Metrics Mike Smith (Mar 06)
- Re: Managed Security Metrics Adam Shostack (Mar 09)
- RE: Managed Security Metrics R. DuFresne (Mar 09)
- RE: Managed Security Metrics Crumrine, Gary L (Mar 07)
- Re: Managed Security Metrics Jack McCarthy (Mar 07)