On Jul 27, 2010, at 1:14 PM, [email protected] wrote:

>> False metrics are rampant in the security industry. We really need
>> to do something about them. I propose that we make fun of them.
>
> You might consider joining us in D.C. on 10 August at
> http://www.securitymetrics.org/content/Wiki.jsp?page=Metricon5.0
>
> --dan, program committee

Wow, I was just going to recommend Dan's book, "Security Metrics." Anyone tasked with quantifying actual security should read his book. There's a pretty good dissection of ALE, and a fantastic few chapters about building a balanced scorecard to measure your operations from more perspectives than just dollars and cents.

When I read that nist.gov link, the joke about the spherical cow popped into my head.

Paul Tiemann
(DigiCert)

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [email protected]
