Posts Tagged “metrics”

Measuring The Speed of Light Using Your Microwave

by alex on June 21, 2010

Using a dish full of marshmallows.  We’re doing this with my oldest kids, and while I was reading up on it, I had to laugh out loud at the following: …now you have what you need to measure the speed (…)

Read the rest of this entry »

NotObvious On Heartland

by alex on December 21, 2009

I posted this also to the securitymetrics.org mailing list.  Sorry if discussing in multiple  venues ticks you off. The Not Obvious blog has an interesting write up on the Heartland Breach and impact.  From the blog post: “Heartland has had (…)

Read the rest of this entry »

For Blog/Twitter Conversation: Can You Defend “GRC”?

by alex on December 15, 2009

Longtime readers know that I’m not the biggest fan of GRC as it is “practiced” today.  I believe G & C are subservient to risk management. So let me offer you this statement to chew on: “A metric for Governance (…)

Read the rest of this entry »

Sweden: An Interesting Demographic Case Study In Internet Fraud

by alex on December 7, 2009

(quietly, wistfully singing “Yesterday” by the Beatles) From my favorite Swedish Infosec Blog, Crowmoor.se. I don’t speak Swedish, so I couldn’t really read the fine article they linked to.  Do go read their blog post, I’ll wait here. Back?  Great.  (…)

Read the rest of this entry »

Evolution of Information Analysis

by alex on April 16, 2009

Real briefly, something that came to me reading Marcus Ranum over at Tenable’s Blog. Marcus writes: Usually, when I attack pseudo-science in computer security, someone replies, “Yes, but some data is better than none at all!”  Absolutely not true! Deceptive, (…)

Read the rest of this entry »

A Curmudgeon is a Little Confused by the 2009 DBIR

by Brooke on April 16, 2009

I’ve given Vz’s DBIR a quick perusal.  The data are interesting indeed and the recommendations are obvious.  There is little new here in the way of recommendations – I guess nobody is listening or the controls are ineffective (or a (…)

Read the rest of this entry »

Microsoft Security Intelligence Report

by alex on April 9, 2009

The Microsoft SIR was released 4/8 and is available for download here.  Some of the interesting stuff they put in graphs is from the Open Security Foundation’s OSF Data Loss Database (http://datalossdb.org).  Among the interesting things in the Microsoft SIR: (…)

Read the rest of this entry »

Cyber-Spies!

by alex on April 8, 2009

The WSJ has an article up today about how the Russians and Chinese are mapping the US electirical grid.  What I thought was more interesting was the graph they used (which is only mildly related to the article itself). If (…)

Read the rest of this entry »