Network Computing Dark Reading

Advertise

Analytics

3/16/2015
06:00 PM

Ericka Chickowski
Slideshows

Connect Directly

1 Comment
Comment Now

10 Ways To Measure IT Security Program Effectiveness

The right metrics can make or break a security program (or a budget meeting).

2 of 10

False Positive Reporting

Tracking the False Positive Reporting Rate (FPRR) can help put the work of lower-level analysts under the microscope, making sure that the judgments they're making on automatically filtered security event data is sifting out false positives from indicators of compromise before they escalate to others in the response team.

"Despite the implementation of automated filtering, the SOC team must make the final determination as to whether the events they are alerted to are real threats," Boison of Lockheed Martin says. "The reporting of false positives to incident handlers and higher-level management increases their already heavy workload and, if excessive, can de-motivate and cause decreased vigilance."

A high FPRR could indicate better training is needed from Level 1 Analysts or better tuning of analytics tools.

"All too often Level 1 analysts lack a good understanding and visibility to incidents cause and therefore escalate false alerts to Level 3 analysts," says Lior Div, CEO of Cyberreason. "This causes waste of expensive resources."

(Image: Pixabay)

2 of 10

Comment |

Email This |

Print |

RSS

Comments

Newest First | Oldest First | Threaded View

[close this box]

100%

RyanSepe,
User Rank: Ninja
3/17/2015 | 8:44:18 AM

Vulnerability Assessment

Many of these ways focus around and IRT(reactive) and Vulnerability Assessment Process(both proactive and reactive). These are two reactive measures that if handled effectively can increase an organization's security posture expontentially. However, many organizations do not employ these effectively. The reasons for this vary, bandwidth, personnel, expertise, etc. This is why sometimes outsourcing to an MSSP is beneficial. This argument can be made using the statistic aggregation denoted by this article.

Reply | Post Message | Messages List | Start a Board

Hot Topics

Editors' Choice

COVID-19: Latest Security News & Commentary

Dark Reading Staff 7/6/2020

Ripple20 Threatens Increasingly Connected Medical Devices

Kelly Sheridan, Staff Editor, Dark Reading, 6/30/2020

DDoS Attacks Jump 542% from Q4 2019 to Q1 2020

Dark Reading Staff 6/30/2020

Webinars

Protecting Mobile Apps and APIs from the Inside Out

Why Performance Testing is More Critical Today

5 Ways to Jumpstart AI

Webinar Archives

White Papers

Getting Cloud Management Right

Best Practices for Evaluating Merger and Acquisition IT Risk

Critical Capabilities for Attack Surface Management

The Value of Threat Intelligence with DomainTools: Identify Threats 82% Faster

Why Now Is the Time for Security Validation

More White Papers

Video

All Videos

Cartoon

Latest Comment: Interesting! Kills 99% of germs and contains chilli juice to prevent you from touching your face.

Cartoon Archive

Current Issue

How Cybersecurity Incident Response Programs Work (and Why Some Don't)

This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

The Threat from the Internet�and What Your Organization Can Do About It

This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!

Download Now!

State of Endpoint Security: How Enterprises Are Managing Endpoint Security Threats

0 comments

State of Cybersecurity Incident Response

0 comments

Developing and Maintaining Secure Applications

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2020-5595
PUBLISHED: 2020-07-07

TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a buffer overflow vulnerability, which may allow a remote attacker to stop the network functions of the products or execute...

CVE-2020-5596
PUBLISHED: 2020-07-07

TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) does not properly manage sessions, which may allow a remote attacker to stop the network functions of the products or execute a mali...

CVE-2020-5597
PUBLISHED: 2020-07-07

TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a null pointer dereference vulnerability, which may allow a remote attacker to stop the network functions of the products o...

CVE-2020-5598
PUBLISHED: 2020-07-07

TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains an improper access control vulnerability, which may which may allow a remote attacker tobypass access restriction and stop ...

CVE-2020-5599
PUBLISHED: 2020-07-07

TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains an improper neutralization of argument delimiters in a command ('Argument Injection') vulnerability, which may allow a remo...

To save this item to your list of favorite Dark Reading content so you can find it later in your Profile page, click the "Save It" button next to the item.

If you found this interesting or useful, please use the links to the services below to share it with other readers. You will need a free account with each service to share an item via that service.
Tweet This
[close this box]