A mighty fortress is our PKI
Paul Tiemann
paul.tiemann.usenet at gmail.com
Tue Jul 27 19:20:09 EDT 2010
On Jul 27, 2010, at 1:14 PM, dan at geer.org wrote:
>> False metrics are rampant in the security industry. We really need
>> to do something about them. I propose that we make fun of them.
>
>
> You might consider joining us in D.C. on 10 August at
> http://www.securitymetrics.org/content/Wiki.jsp?page=Metricon5.0
>
> --dan, program committee
Wow, I was just going to recommend Dan's book, "Security Metrics."
Anyone tasked with quantifying actual security should read his book. There's a pretty good dissection of ALE, and a fantastic few chapters about building a balanced scorecard to measure your operations from more perspectives than just dollars and cents.
When I read that nist.gov link, the joke about the spherical cow popped into my head.
Paul Tiemann
(DigiCert)
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com