Comments on: Let the Metrics Begin! http://thurston.halfcat.org/blog/2008/01/04/let-the-metrics-begin/ We are the people your IT department warned you about Fri, 12 Mar 2010 01:27:03 +0000 http://wordpress.org/?v=2.0.5 by: Chandler Howell http://thurston.halfcat.org/blog/2008/01/04/let-the-metrics-begin/#comment-180105 Tue, 08 Jan 2008 13:11:43 +0000 http://thurston.halfcat.org/blog/2008/01/04/let-the-metrics-begin/#comment-180105 Ian, Don't worry...I'm definitely thinking hard about how best to measure both traditional perimeter effectiveness as well as thinking about how to evaluate the trade-off's that deperimeterization brings. The challenge is getting over the "so what?" hump from operational to true KPI's. Also, I knew from Alex Hutton and the rest of the team at <a href="http://riskmanagementinsight.com" rel="nofollow">Risk Management Insight</a> that FAIR was under the Open Group's aegis. Ian,

Don’t worry…I’m definitely thinking hard about how best to measure both traditional perimeter effectiveness as well as thinking about how to evaluate the trade-off’s that deperimeterization brings. The challenge is getting over the “so what?” hump from operational to true KPI’s.

Also, I knew from Alex Hutton and the rest of the team at Risk Management Insight that FAIR was under the Open Group’s aegis.

]]> by: Ian Dobson http://thurston.halfcat.org/blog/2008/01/04/let-the-metrics-begin/#comment-179567 Mon, 07 Jan 2008 16:49:46 +0000 http://thurston.halfcat.org/blog/2008/01/04/let-the-metrics-begin/#comment-179567 Chandler, You've certainly chosen a challenging area. Yes - gathering measurements is not really the problem. The hard part is using meaningful metrics meaningfully, so they build a credible picture on the performance and effectiveness of the thing you're measuring. This in turn requires a measurement model which delivers sound, objective, consistent results. I'll look forward following your reports on progress, not least as valuable contributions to our Risk Management project (FAIR - http://www.opengroup.org/projects/security/doc.tpl?CALLER=index.tpl&gdid=13231). Regards, Ian Dobson. Chandler,

You’ve certainly chosen a challenging area. Yes - gathering measurements is not really the problem. The hard part is using meaningful metrics meaningfully, so they build a credible picture on the performance and effectiveness of the thing you’re measuring. This in turn requires a measurement model which delivers sound, objective, consistent results. I’ll look forward following your reports on progress, not least as valuable contributions to our Risk Management project (FAIR - http://www.opengroup.org/projects/security/doc.tpl?CALLER=index.tpl&gdid=13231).

Regards,
Ian Dobson.

]]> by: Chandler Howell http://thurston.halfcat.org/blog/2008/01/04/let-the-metrics-begin/#comment-179480 Mon, 07 Jan 2008 13:40:08 +0000 http://thurston.halfcat.org/blog/2008/01/04/let-the-metrics-begin/#comment-179480 Erik, Thanks for that pointer. The library seems to be fairly preliminary for now (not a criticism--everything has to start somewhere), but it's certainly an interesting starting point and I'll be sure to add my own KPI's as we select them. Erik,

Thanks for that pointer. The library seems to be fairly preliminary for now (not a criticism–everything has to start somewhere), but it’s certainly an interesting starting point and I’ll be sure to add my own KPI’s as we select them.

]]> by: Erik Hoffmann http://thurston.halfcat.org/blog/2008/01/04/let-the-metrics-begin/#comment-179407 Mon, 07 Jan 2008 09:47:47 +0000 http://thurston.halfcat.org/blog/2008/01/04/let-the-metrics-begin/#comment-179407 Chandler, it will be interesting to see what kind of metrics you will define. Perhaps http://www.kpilibrary.com can give some inspiration and input, although i think the IT security categories could benefit from your experience and participation: http://kpilibrary.com/?cat=145 http://kpilibrary.com/?cat=95 best regards. Chandler,

it will be interesting to see what kind of metrics you will define. Perhaps http://www.kpilibrary.com can give some inspiration and input, although i think the IT security categories could benefit from your experience and participation:

http://kpilibrary.com/?cat=145
http://kpilibrary.com/?cat=95

best regards.

]]>