A mighty fortress is our PKI

Paul Tiemann paul.tiemann.usenet at gmail.com
Tue Jul 27 19:20:09 EDT 2010


On Jul 27, 2010, at 1:14 PM, dan at geer.org wrote:

>> False metrics are rampant in the security industry. We really need
>> to do something about them. I propose that we make fun of them.
> 
> 
> You might consider joining us in D.C. on 10 August at
> http://www.securitymetrics.org/content/Wiki.jsp?page=Metricon5.0
> 
> --dan, program committee

Wow, I was just going to recommend Dan's book, "Security Metrics."

Anyone tasked with quantifying actual security should read his book.  There's a pretty good dissection of ALE, and a fantastic few chapters about building a balanced scorecard to measure your operations from more perspectives than just dollars and cents.

When I read that nist.gov link, the joke about the spherical cow popped into my head.

Paul Tiemann
(DigiCert)

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com


