Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Keeping a Strong Security Metrics Framework Strong
Oldest First  |  Newest First  |  Threaded View
BDeeds
50%
50%
BDeeds,
User Rank: Author
2/12/2020 | 4:32:43 PM
Using Metrics to Assess Controls
Using metrics to help assess the effectiveness of controls is a great tip for auditors. As auditors, we can sometimes face difficult conversations when control owners are having trouble processing shortcomings of a control(s). By matching the control to a metric, we maybe able to better help them understand our view. 
tdsan
50%
50%
tdsan,
User Rank: Ninja
3/31/2020 | 9:42:09 AM
Great post and valid points
Tip 2: Stay alert and attuned. Don't just report metrics — analyze, understand, monitor, and adjust them

I do think this is the most important aspect of the post (I do like the areas where you indirectly referred to staying vigiliant and ready). This is a sliding scale that should be adjusted all the time and carefully looking at the metrics to help with this process is essential (basically using a SIEM or brain to capture information and format the data in a way where it makes sense).

But I have to be the bearer of bad news, companies are doing that (again, not all but a large majority of organizations, those who have been hacked - https://www.csis.org/programs/technology-policy-program/significant-cyber-incidents. There is something called Actionable intelligence where the metrics are used to determine if there is a problem and determines what can be done but we need to start looking beyond the numbers and metrics and look into "Prescriptive" security methods where the data is prioritized, listed and categorized where the SIEM solution or some other automated tool can run programs to modify parameters in a networked device. We need to be able to reach that level of potential before the threat becomes a reality.

Industry 4.0 Innovation Map Reveals Emerging Technologies & Startups

 

We need to be able to tie in all of these sources of data to create a "Sentinel" to identify, analyze, prioritize, react, and learn.

T
Brendanoflaherty
50%
50%
Brendanoflaherty,
User Rank: Author
9/22/2020 | 4:13:37 PM
Tip 3 crucial
Tip 3 Ensuring Data accuracy is fundamental.  The tools can only be as good as is permitted by the underlying data.  So if data is missing, compromised or there is too much irrelievant data overwhleming the tools, the metrics will provide a false sense of security and lead in the wrong direction.  This  defeats the entire purpose of a security framework and sets up for failure.   Many companies miss this crucial part and undercut their substantial investment from the very start.  Incomplete or faulty metrics only supercharge your problems,  need to make sure you are using the right information foundation for your framework. 


COVID-19: Latest Security News & Commentary
Dark Reading Staff 11/19/2020
New Proposed DNS Security Features Released
Kelly Jackson Higgins, Executive Editor at Dark Reading,  11/19/2020
How to Identify Cobalt Strike on Your Network
Zohar Buber, Security Analyst,  11/18/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-25159
PUBLISHED: 2020-11-24
499ES EtherNet/IP (ENIP) Adaptor Source Code is vulnerable to a stack-based buffer overflow, which may allow an attacker to send a specially crafted packet that may result in a denial-of-service condition or code execution.
CVE-2020-25654
PUBLISHED: 2020-11-24
An ACL bypass flaw was found in pacemaker before 1.1.24-rc1 and 2.0.5-rc2. An attacker having a local account on the cluster and in the haclient group could use IPC communication with various daemons directly to perform certain tasks that they would be prevented by ACLs from doing if they went throu...
CVE-2020-28329
PUBLISHED: 2020-11-24
Barco wePresent WiPG-1600W firmware includes a hardcoded API account and password that is discoverable by inspecting the firmware image. A malicious actor could use this password to access authenticated, administrative functions in the API. Affected Version(s): 2.5.1.8, 2.5.0.25, 2.5.0.24, 2.4.1.19.
CVE-2020-29053
PUBLISHED: 2020-11-24
HRSALE 2.0.0 allows XSS via the admin/project/projects_calendar set_date parameter.
CVE-2020-25640
PUBLISHED: 2020-11-24
A flaw was discovered in WildFly before 21.0.0.Final where, Resource adapter logs plain text JMS password at warning level on connection error, inserting sensitive information in the log file.