Hello,
I am sending this question out to this list to see what others are doing in
this space. (Adjust for your scenario accordingly) You have an IDS setup,
firewalls galore, enterprise anti-virus, regular vulnerability assesments,
whatever.... You have a lot of information out there that you can use for
metrics to determine the state of security at <insert your company here>.
o What are the key elements you report on?
o Do you break out the business metrics from technical metrics?
o Have you written tools to automate the metric gathering process or is it
manual?
o Do you have a regular (weekly, monthly, quarterly) report driven by
metrics?
o Are the metrics compared against an Level of Service agreement you have to
support?
Thanks,
Thomas Frazier
Systems Specialist
Corporate Information Security
------------------------------
[EMAIL PROTECTED]
------------------------------
