Preview Mode Links will not work in preview mode

Unsolicited Response Podcast


Jun 29, 2022

Dale Peterson interviewed Richard Seiersen, author of new book The Metrics Manifesto: Confronting Security With Data.

  • For security controls - what would I see that would show me it is working? How do I measure the effectiveness and efficiency of my security controls?
  • Why is so much of the book code, and can the book be valuable if you don't go through the code?
  • A lot of time spent on categories of metrics: burndown and survival, arrival and escapes, and wait time
  • Most of the examples in the book are vuln prevention and remediation ... how will the statistics deal with increases due to SBOMs? ... how to address vulnerabilities with very different related risk?
  • How to address the CISO wanting a single dashboard with OT and IT metrics with very different risk related to those metrics?
  • The concept of value of / return on control and how some CISOs are dealing with cyber risk
  • Using SME beliefs as data
  • and a lot more

Links