Shostack + Friends Blog Archive


Gordon on Security

There’s a good interview with Larry Gordon at SecurityPipeline. It came out in April of last year, but I’d missed it. Gordon has hosted the Security and Economics workshop.

“I go to security conferences where we all sit around puzzling about what kind of metrics to use for measuring the results of security programs,” says Adam Stone, an analyst who specializes in security management for the financial services industry. “The metrics we have right now–the ones we use for assessing vulnerability and measuring the effectiveness of our investments–are all based on subjective judgments. They’re fundamentally flawed. But there are financial, statistical, economics and securities professionals who deal with these kinds of uncertainties all the time, with methods that allow them to predict and measure business effectiveness in a rational way. We can learn from them.”

(Thanks to Mr. X for the pointer.)

One comment on "Gordon on Security"

  • Short ones…

    Hop on a plane, land, and discover Adam has posted 13 blog entries, including one that asks for more topics! Congrats on 500 posts! He posts on some testimony: “the only part of our national security apparatus that actually…
