Wanted: Metrics for Measuring Cyber Performance and Effectiveness

Editor’s Note: The need for cyber performance and effectiveness has been raised by the Center for Regulatory Effectiveness to NIST’s Information Security and Privacy Advisory Board. See 2012 ISPAB meeting minutes here.

From: GovTechWorks | General Dynamics IT



That leaves CISOs trying to balance unknown risks against growing costs, without a clear ability to justify the return on their cybersecurity investment. Not surprisingly, today’s high-threat environment makes it preferable to choose safe over sorry – regardless of cost. But is there a better way?

Some cyber insiders believe there is.


Why the best smart city is a secure one

From: Australian Business Review | Opinion

Dick Bussiere, APAC technical director, Tenable


San Diego is an example of a city that has integrated security into its smart city infrastructure, which includes automated transportation systems, LED street lighting, traffic control and public transportation. The city has invested in an enterprise-wide vulnerability management platform to inventory all of its systems, identify at-risk devices to patch and implement continuous security monitoring to protect both modern and legacy assets. As a result, San Diego has saved more than $1.3 million per year in lost productivity.


Security Monitoring and Analytics: Moving Beyond the SIEM

From: Security Intelligence

By Derek Brink

This is the final installment in a three-part series. Be sure to read Part 1 and Part 2 for more information.

Improving integration, visibility and analytics with a platform approach to security information and event management (SIEM) is the means to the business value of security, compliance and operational efficiency.

Security teams are operating in an evolving macro environment, which presents three challenges:

  1. The incredible rate of change in information technology infrastructure has led to such complexity in our networks, systems and applications that most organizations struggle with the in-house capabilities and resources to keep up.


Commerce Department Plans to Move Cybersecurity to the Cloud

From: FedTech

The agency wants to get easier access to its cybersecurity monitoring environment and make changes more rapidly.



Specifically, Commerce wants to move the applications and capabilities of its Enterprise Security Operations Center (ESOC), Enterprise Cybersecurity Monitoring and Operations (ECMO) and parts of its Continuous Diagnostic and Mitigation (CDM) program to the cloud. The environment will need be a high impact level from a cloud service provider approved by the General Services Administration’s Federal Risk and Authorization Management Program.


What Wall Street can teach Black Hat’s “Wall of Sheep”


In an increasingly vulnerable environment, effective cyber security strategies are heading towards convergence with surveillance

Nick Ismail

This has put cyber security on a necessary path to convergence with surveillance, the latter emerging as a necessary paradigm in the quest to detect and resolve breaches before significant damage is done.


Every July, thousands of the world’s most savvy security professionals descend upon Las Vegas for the Black Hat conference. For the uninitiated, the well-understood rule of the conference is that mobile devices stay in your hotel room, lest you wind up on the “Wall of Sheep,” a conference stalwart posting in which hackers happily embarrass those who aren’t practicing “safe” computing.


New statistical model examines massive amounts of data to automatically spot anomalies

From: American Statistical Association via Science Daily

With the number of security breaches and cyber-attacks on the rise, cyber-security experts may soon have a new tool in the fight against online threats. Scientists have developed a new statistical method for monitoring networks to automatically detect ‘strange behavior’ and ultimately prevent intrusion.

With the number of security breaches and cyber-attacks on the rise and reports of the financial burden of these varying from $400 billion a year to $2.1 trillion by 2019, cyber-security experts may soon have a new tool in the fight against online threats. Patrick Rubin-Delanchy, Heilbronn Research Fellow in Statistics at the University of Oxford, will present a new statistical method for monitoring networks to automatically detect “strange behavior” and ultimately prevent intrusion on Monday, July 31, at the 2017 Joint Statistical Meetings (JSM).