http://gcn.com/articles/2009/09/14/update-1-security-metrics-lacking-for-it-systems.aspx

By William Jackson
GCN.com
Sept. 10, 2009

Information technology security is a hot topic, but attention usually focuses on the lack of it. What is missing is an objective, quantifiable way to effectively measure it.

"Security can be looked at in different ways by different people," said Wayne Jansen, a computer scientist at the National Institute of Standards and Technology's IT Laboratory. There is quality control for code developers, the process of deploying a system, and its maintenance by users. "These are all different aspects," and they do not lend themselves to traditional methods of measurement used in physical science, he said.

Jansen has examined the status of efforts to develop security metrics, identified challenges and suggested a course for future research in a recent NIST report, "Directions in Security Metrics Research."

There have been a number of efforts to establish metric systems for security, including the international Common Criteria, the Defense Department's Trusted Computer System Evaluation Criteria, the European Communities' Information Technology Security Evaluation Criteria, and the International Systems Security Engineering Association's Systems Security Engineering Capability Maturity Model.

[...]

Received on Fri Sep 11 2009 - 01:22:43 PDT