Richard Seiersen - Author Of The Metrics Manifesto
Unsolicited Response
English - June 29, 2022 17:55 - 53 minutes - 53.4 MB
Dale Peterson interviewed Richard Seiersen, author of the new book The Metrics Manifesto: Confronting Security With Data.
- For security controls - what would I see that would show me it is working?
- How do I measure the effectiveness and efficiency of my security controls?
- Why is so much of the book code, and can the book be valuable if you don't go through the code?
- A lot of time spent on categories of metrics: burndown and survival, arrival and escapes, and wait time
- Most of the examples in the book are vuln prevention and remediation
  ... how will the statistics deal with increases due to SBOMs?
  ... how to address vulnerabilities with very different related risk?
- How to address the CISO wanting a single dashboard with OT and IT metrics with very different risk related to those metrics?
- The concept of value of / return on control and how some CISOs are dealing with cyber risk
- Using SME beliefs as data
- and a lot more

Links
- The Metrics Manifesto
- The book's site with code and other info
- Richard Seiersen's S4x18 video: How To Measure Anything In Cybersecurity Risk