Security Basics mailing list archives

Re: Security markers


From: p1g <killfactory () gmail com>
Date: Mon, 3 Mar 2008 20:42:14 -0500

Vulnerability Scan results?
       Number of vulnerabilities fixed since last scan
Account management
       Any stale accounts discovered?
Reported Incidents
       Defaced websites
       Number of external scans or exploit attempts
Anti Virus
       Number of detected and deleted or cleaned infections
Security Awareness
       Number of advisories sent out
       Number of security tips distributed
       Number of visits on Security awareness website
       Number of employees that took online security awareness training
       Scores of any security awareness exams/tests

I would include some metric from any solution or tool that was
'purchased' this year.

These guys at the top are only concerned with what they get for their $$

Security is just a line item on the budget to these guys  =)

On 3/2/08, Martin M Samson <martin.samson () videotron ca> wrote:
Hi group!

I'm building a security report for internal use.

What would be the best markers to include in this monthly report to
management?

Right now we don't have any restriction on the number of items we can put in
the report but we would like something concise.

Thanks!

Mork.

-- 
-p1g
SnortCP, C|HFI, TNCP, TECP, NACP, A+
  ,,__
o"     )~  oink oink
   ' ' ' '

If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- former White House cybersecurity czar Richard Clarke

