7

Automating Metrics Calculations

“It takes more than understanding the problem to explain to a computer how to solve it.”

developerdude (anonymous), ca. November 2004

“History may not repeat itself, but it does rhyme a lot.”

Mark Twain

The previous chapters tackled some of the more theoretical concepts related to security metrics: why we ought to be measuring security, and what sorts of things we ought to measure. This chapter’s intent is more practical: to describe how to gather the data we are looking for. Because much of the data we seek are, in most organizations, stored inside a vast array of databases, system logs, spreadsheets, and brains, any discussion of “how” must discuss the mechanical processes that enable us to gather data ...

Get Security Metrics: Replacing Fear, Uncertainty, and Doubt now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.