You know its a little off topic - but I'd kill for a set of metrics
around the effectiveness/efficiency of a SOC :)
Anyone got any ideas? The usual events per person type metrics are
backwards (good security means less events so lower efficiency
Thanks
Bret
Last year's conference, MetriCon 1.0 featured a software security metrics
track ( http://securitymetrics.org/content/Wiki.jsp?page=Metricon1.0),
including:
* A Metric for Evaluating Static Analysis Tools - Chess Tsipenyuk, Fortify
* An Attack Surface Metric - Manadhata Wing, Carnegie-Mellon
*
