Posts Tagged “incident metrics”

NotObvious On Heartland

by alex on December 21, 2009

I posted this also to the securitymetrics.org mailing list.  Sorry if discussing in multiple  venues ticks you off. The Not Obvious blog has an interesting write up on the Heartland Breach and impact.  From the blog post: “Heartland has had (…)

Read the rest of this entry »

Thoughts on Bejtlich’s Information Security Incident Ratings

by alex on June 1, 2009

Check out Richard Bejtlich’s Information Security Incident Rating post. In it, he establishes qualitative, color-based scales for various asset-states in relation to the aggregate threat community.  As Richard states, he’s not modeling risk, but rather he’s somewhat modeling half of (…)

Read the rest of this entry »