This message is in MIME format.  The first part should be readable text,
  while the remaining parts are likely unreadable without MIME-aware tools.

--1457021584-126524750-1252655372=:31372
Content-Type: TEXT/PLAIN; CHARSET=UTF-8
Content-Transfer-Encoding: QUOTED-PRINTABLE
Content-ID:  

http://gcn.com/articles/2009/09/14/update-1-security-metrics-lacking-for-it-systems.aspx 

By William Jackson
GCN.com
Sept. 10, 2009

Information technology security is a hot topic, but attention usually 
focuses on the lack of it. What is missing is an objective, quantifiable 
way to effectively measure it.

"Security can be looked at in different ways by different people,=E2=80=9D "aid 
Wayne Jansen, a computer scientist at the National Institute of 
Standards and Technology's IT boratory. There is quality control for 
code developers, the process of deploying a system, and its maintenance 
by users. "ese are all different aspects,=E2=80=9D " they do not lend themselves 
to traditional methods of measurement used in physical science, he said.

Jansen has examined the status of efforts to develop security metrics, 
identified challenges and suggested a course for future research in a 
recent NIST report, "Directions in Security Metrics Research."

There have been a number of efforts to establish metric systems for 
security, including the international Common Criteria, the Defense 
Department's usted Computer System Evaluation Criteria, the European 
Communities' formation Technology Security Evaluation Criteria, and the 
International Systems Security Engineering Association's systems 
Security Engineering Capability Maturity Model.

[...]


--1457021584-126524750-1252655372=:31372
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

________________________________________
Please Donate to the Ron Santo Walk to 
Cure Diabetes with Ethan's Crew!
http://www.c4i.org/ethan.html 
--1457021584-126524750-1252655372=:31372--