Comments on: On Value and Loss http://spiresecurity.com/?p=315 Risk and Cybersecurity Analysis Wed, 21 Aug 2013 23:28:51 +0000 hourly 1 http://wordpress.org/?v=3.5.1 By: Perilocity http://spiresecurity.com/?p=315&cpage=1#comment-439 Perilocity Fri, 27 Apr 2007 13:51:57 +0000 http://spiresecurity.com/blog/?p=315#comment-439 Ignore What’s Hard to Measure?

But IT security generally doesn’t have the economic part worked out.
With quantification of value and probable loss we’d have better risk management.

]]> By: PlanetHeidi http://spiresecurity.com/?p=315&cpage=1#comment-438 PlanetHeidi Thu, 19 Apr 2007 14:47:41 +0000 http://spiresecurity.com/blog/?p=315#comment-438 Been following the draft work for ISO 27004? It’s all about setting an international standard for infosec measurements. Essentially, layering on top of 27001 system for managing controls (controls being in 17799). Lotsa tough math in there… but I see that as a good thing.

]]> By: Alex http://spiresecurity.com/?p=315&cpage=1#comment-437 Alex Wed, 18 Apr 2007 23:38:48 +0000 http://spiresecurity.com/blog/?p=315#comment-437 Your criticism is FAIR enough (sorry, couldn’t resist). I actually have not offered an alternative.

I believe the alternative lies in processes, not assets.

But measuring the value of a process, unless you’ve got some hot shot consulting company (*cough*) is problematic.

Hopefully someone will figure it all out and distribute the answer using some open or semi-open license.

]]>