Note: this blog is a mirror of my HP Labs Blog, on the same topic, accessible at: http://h30507.www3.hp.com/t5/Research-on-Security-and/bg-p/163

Wednesday, July 21, 2010

On Security Analytics: Putting the Science into Security Management

In a previous post of mine, I mentioned the Security Analytics initiative. I promised to provide more details. Here they are.

I attach a datasheet called “Security Analytics: Putting the Science into Security Management”, by Vistorm (an HP Company).

The IAM area (and the HP Labs Identity Analytics activity) is covered in Security Analytics. Hopefully the datasheet will provide more details.

Here is an extract from the introduction:

“As the pressure on business increases so does the complexity of the security challenges. As a result security teams are finding it increasingly harder to achieve, measure and communicate a measurable reduction in business risk.

So how should a security team determine the best possible strategy: How much should be spent; what should be prioritised; what trade-offs to accept between lowered risk and business disruption; how to champion and justify security decisions to the business?

Vistorm, an HP Company, and HP Labs have a shared vision for next generation security management: one that helps our clients achieve a measurable reduction in business risk along with a lower long term investment in information security.

Security Analytics is at the heart of this vision and is about creating tools and methodologies to address rigorously the challenges that security teams face in driving more effective security strategies. …”

Here are more details about the currently available Packaged Security Analytics:

“By combining Vistorm’s expertise in security governance with HP Labs’ expertise in security research we are able to offer a packaged consulting engagement featuring repeatable, short term engagements to address security management challenges (people, process, policy and technology) in two key areas:

  • Vulnerability and threat management (VTM), and
  • Identity and access management (IAM).

The value of these engagements is:

  • a rigorous exploration of your (VTM or IAM) system, with prediction and ‘what-if’ capabilities
  • shared multi-stakeholder understanding of the business and security trade-offs
  • justified decision making
  • the introduction of science into your information security management system (ISMS), and the opportunity to expand.”


--- Posted by Marco Casassa Mont ---

--- NOTE: use this mirror blog if you prefer posting on an external blog site ---

--- NOTE: my original HP blog can be found here ---
