On Security Analytics: Putting the Science into Security Management

by on 07-21-2010 06:29 PM

In a previous post of mine, I mentioned the Security Analytics initiative. I promised to provide more details. Here they are.

 

I attach a datasheet called “Security Analytics: Putting the Science into Security Management”, by Vistorm (an HP Company). 

 

The IAM area (and the HP Labs Identity Analytics activity) is covered in Security Analytics. Hopefully the datasheet will provide more details.

 

Here is an extract from the introduction:

 

“As the pressure on business increases so does the complexity of the security challenges. As a result security teams are finding it increasingly harder to achieve, measure and communicate a measurable reduction in business risk.

 

So how should a security team determine the best possible strategy: How much should be spent; what should be prioritised; what trade-offs to accept between lowered risk and business disruption; how to champion and justify security decisions to the business?

 

Vistorm, an HP Company, and HP Labs have a shared vision for next generation security management: one that helps our clients achieve a measurable reduction in business risk along with a lower long term investment in information security.

 

Security Analytics is at the heart of this vision and is about creating tools and methodologies to address rigorously the challenges that security teams face in driving more effective security strategies. …”

 

Here are more details about the currently available Packaged Security Analytics:

 

“By combining Vistorm’s expertise in security governance with HP Labs’ expertise in security research we are able to offer a packaged consulting engagement featuring repeatable, short term engagements to address security management challenges (people, process, policy and technology) in two key areas:

 

  • Vulnerability and threat management (VTM), and
  • Identity and access management (IAM).

 

The value of these engagements is:

 

  • a rigorous exploration of your (VTM or IAM) system, with prediction and ‘what-if’ capabilities
  • shared multi-stakeholder understanding of the business and security trade-offs
  • justified decision making
  • the introduction of science into your information security management system (ISMS), and the opportunity to expand.”

 

--- Posted by Marco Casassa Mont (here and here)  ---

 

--- NOTE:  use this mirror blog if you prefer posting on an external blog site  ---

 

--- NOTE:  my original HP blog can be found here  ---

 
