Some Security Metrics Education

25 August 2010
Actual is not normal (a tribute to Edward Tufte) - kevindooley via flickr

Short post here, but things always seem to happen in groups, so I thought I’d make everyone aware of a couple of current and upcoming opportunities to dig into a very important topic (particularly during budget season) - Security Metrics.

NetSPI is putting on a webinar tomorrow (Thursday, Aug 26th) with Symantec - here’s the info/sign-up page on their website (full disclosure, if you don’t know by now I work for NetSPI):

Application Security - without metrics it doesn’t exist

And I got the August issue of The ISSA Journal yesterday and the cover story is ‘Security Metrics, An Overview’ by Clare Nelson.  It’s a good starting point for Security Metrics and it provides a good list of sources for additional information.  You’re going to have to be an ISSA member to access the article, but if you are reading this blog you should probably join the ISSA regardless (it’s like $95 a year or something).

The Journal is available to ISSA members for download from the ISSA site - ISSA

I will highlight one of the sources that Clare uses for her article (seriously - join the ISSA and read her article) - the Center for Internet Security - not all of their information is free, but the information that you would need to get started implementing a security metrics program is free - it’ll at least get your conversations started… CIS
