http://gcn.com/articles/2009/03/09/nist-security-metrics.aspx

By William Jackson
GCN.com
Mar 09, 2009

Computer security is a difficult thing to quantify because, if done right, nothing happens. How, then, do you measure what didn't happen? Nevertheless, meaningful metrics are necessary so security can become a reliable, repeatable process with the necessary levels of assurance.

The National Institute of Standards and Technology (NIST) doesn't have the answer for this, but scientists in its Computer Security Division have identified some areas for further research they hope might yield results.

"Security metrics is an area of computer security that has been receiving a good deal of attention lately," the agency said in the draft of the new interagency report, titled "Directions in Security Metrics Research." "It is not a new topic, but one which receives focused interest sporadically."

So far, this interest has not produced many actual metrics that have proven useful in practice.

"Advancing the state of scientifically sound, security measures and metrics would greatly aid the design, implementation, and operation of secure information systems," the report states.

[...]

Received on Wed Mar 11 2009 - 00:08:14 PDT