the State of Security

Metrics

If you want to succeed at security, you need to look at the winners

by David Spark

David Spark here reporting for Tripwire at the 2010 RSA Conference in San Francisco. One of the repeated security stories you hear time after time are cases of failing. Usually it’s a story of a data compromise, and the more egregious it is, the better the story is. There’s no doubt that we can learn [...]

Read More

RSA 2010: Proving the Worth of Security Metrics with Real-World Data

by David Spark

David Spark here reporting for Tripwire at the 2010 RSA Conference in San Francisco. Your organization is measuring an endless stream of data. You could get buried trying to look at it all. The question is, “Why are you looking at it all?” Shouldn’t you just be looking at the good stuff? The stuff that [...]

Read More

RSA 2010: Pre-debate on ‘Proving the Worth of Security Metrics with Real-World Data’

by David Spark

David Spark here reporting for Tripwire at the 2010 RSA Conference in San Francisco. Before their panel “Proving the Worth of Security Metrics with Real-World Data” the four panelists had a pre-debate as to what they were going to debate about tomorrow. They realized they have to set the stage by defining what they mean [...]

Read More

My RSA Talk and Adam Shostack’s Awesome RSA Research Track

by ~Previous Contributers

I am in San Francisco this week at the RSA Conference (which is apparenlty #rsac on Twitter). I will be speaking this afternoon at 3pm PT. The famous Adam Shostack (@adamshostack) is one of the track chairs, and his advice to me was, “give your metrics talk, under the guise of virtualization security.” Well, I’m [...]

Read More