IDS mailing list archives
Re: IDS Security Metris
From: "Eric Hacker" <focus () erichacker com>
Date: Thu, 5 Apr 2007 16:13:44 -0400
On 4 Apr 2007 21:29:44 -0000, jlynnmonett () yahoo com <jlynnmonett () yahoo com> wrote:
> Could someone help me. I need to create a list of 10 security metrics for an IDS.

10 seems rather arbitrary. Is this for some useful business purpose or a class?

1. For every incident investigated due to the detection of events from the IDS, estimate the financial impact of not detecting the issue. Track the total gross.

10. Track false positive incidents. That is the number of times the pager went off due to an alert on something that was not that critical. Because new signatures are always being added, this will probably be flat in a mature IDS program.

11. Track false negatives that generate new pager rules. That is the number of times the analysts were reviewing the non-paging events and found something that you should have been paged on. This justifies the time and cost for the constant review of events.

There I gave you an extra one.

Metrics are usually based on the specific needs of the IDS processes, how they fit into the overall Security processes, the level of risk tolerable to the business, and the threats. Without more details on the particular situation, one might as well assume you're using binary.

In general if one is asking for help on a mailing list, one should provide at least as much information as one expects back in return. I should have replied that I am sure someone out there could help you, but I was feeling generous.

Regards
--
Eric Hacker, CISSP

aptronym (AP-troh-NIM) noun
A name that is especially suited to the profession of its owner

I _can_ leave well enough alone, but my criteria for well enough is pretty darn high.