Who Watches the Watchers? Metrics for Security Strategy

Presented at BSidesLV 2015, Aug. 5, 2015, 11 a.m. (55 minutes)

Security Metrics are often about the performance of information security professionals - tranditional ones are centered around vulnerability close rates, timelines, or criticality ratings. But how does one measure if those metrics are the rights ones? How does one measure risk reduction, or how sucecssful your metrics program is at operationalizing that which is necessary to prevent a breach?

Presenters:

• Michael Roytman
  Michael Roytman is responsible for building out Risk I/O's analytics functionality, and has been selected to speak at BSides, Metricon, SIRACon and more. His work at Risk I/O focuses on security metrics, risk measurement, and vulnerability management and his work has been published in USENIX. He formerly worked in fraud detection in the finance industry, and holds an M.S. in Operations Research from Georgia Tech. His home in Chicago contains a small fleet of broken-down drones.

Links:

• https://bsideslv2015.sched.com/event/3ufR/who-watches-the-watchers-metrics-for-security-strategy
• https://infocon.org/cons/Security BSides/BSides Las Vegas/BSides Las Vegas 2015/Who Watches the Watchers Metrics for Security Strategy Michael Roytman.mp4

Similar Presentations:

• Blue Team Con 2022 / Building Better Security Metrics
• ShmooCon 2022 Rescheduled / Practical Information Security Metrics
• SOURCE Seattle 2016 / Mr. Human - Vulnerability Management from the Attacker's Perspective Keynote