security metrics and evaluation methodologies

["Nguyen Pham" <nguyen.petronius () gmail com>]

Hi list,

Is there any review, state of the art or state of the practice report that
compare and analysis current available security metrics for security
assurance measurement or assessment purpose?

Also, could you suggest me some resources analyzing existing methodologies
(such as OCTAVE, MEHARI, EBIOS, etc.) that can be used to evaluate security
assurance of an IT infrastructure?

Any suggestion and recommendation is welcome.
Thank you for your help.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/