On Jul 27, 2010, at 1:14 PM, d...@geer.org wrote:

>> False metrics are rampant in the security industry. We really need
>> to do something about them. I propose that we make fun of them.
> You might consider joining us in D.C. on 10 August at
> http://www.securitymetrics.org/content/Wiki.jsp?page=Metricon5.0
> --dan, program committee

Wow, I was just going to recommend Dan's book, "Security Metrics."

Anyone tasked with quantifying actual security should read his book.  There's a 
pretty good dissection of ALE, and a fantastic few chapters about building a 
balanced scorecard to measure your operations from more perspectives than just 
dollars and cents.

When I read that nist.gov link, the joke about the spherical cow popped into my 

Paul Tiemann

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
