Enterprise Architecture Practitioners Conference - The Open Group
  Eoin Fleming, FSI Practice Lead, HP, Ireland  


Eoin is the FSI practice lead for HP. He works with prospective and existing clients in the security, operational risk and audit areas in an advisory capacity.

He holds the following certifications: ISSMP, CISSP, CISM, CISA, ISO 27001 LA.


   
 

Presentation

Security Metrics - The Road to Nowhere

We have spent a lot of time and effort on defining security metrics - but have we spent enough time on their audience? The best metric of security is not the best security metric - don't get caught in the scrum.

Security metrics as a topic is beginning to come into its own, with multiple agencies either working on or having published position papers on it in the last 6 months. There is an active debate in the industry about what constitutes a "good" metric, how to present them and what audience they should target. This presentation will first cover the basics of the topic - what to measure, how to measure, what NOT to measure - with real-world examples of what works and why some things which at first glance appear to be good metrics ultimately fail (including the 10 commandments of metrics). It will then cover automation of security metrics and the mechanics of delivering metrics not once but repeatedly, including what architecture principles need to be borne in mind to facilitate this. Then it will review how metrics are presented (with some examples of how not to do it) and how to tailor the metric to the audience to get the desired result (investment vs. security status knowledge vs. trending vs. risk management).
The overall presentation will provide a view of where the industry stands on metrics at the moment, where it's likely to go, and what security architects need to be aware of in order to ensure they can deliver on what is swiftly becoming a major focus area both for regulatory authorities and their own management.

Audience:- experienced security architects and architects who want to know how security people think.

Key takeaways:-
1. It's not you - it's them -- how to formulate metrics so people listen.
2. Why architects don't get it - the Rosetta Stone for architects and security people.
3. You will be tasked with security soon - so it's time you understood it.
