ITSS

What We Have

Each metric is recorded with the same fields: Name, Definition and Source, Current Understanding of Metric, Producer and Means of Production, Published At, and Other Notes.

Name: DMCA Takedown Notices Handled
Definition and Source: Count of tickets received into the DMCA queue in RT.
Current Understanding of Metric: These notices are generated by copyright enforcement consultants representing industries like the RIAA, MPAA, etc., whose works tend to get shared to the world from machines on our network. Volume measures inform questions like "Is the problem getting better or worse?"
Producer and Means of Production: CSS HQ runs RT reports that count tickets.
Published At: QR
Other Notes: DMCA::Referrals is not in scope.

Name: StopIT requests handled
Definition and Source: Count of tickets received into the StopIT queue in RT.
Current Understanding of Metric: Volume measures inform questions like "Is the problem getting better or worse?"
Producer and Means of Production: CSS HQ runs RT reports that count tickets.
Published At: QR
Other Notes: StopIT is an example of an old incident type that never quite dies away.

Name: Net-Security tickets
Definition and Source: Count of tickets generated into the Security queue in RT.
Current Understanding of Metric: Volume measures inform questions like "Is the problem getting better or worse?" The issue with Security is that it runs processes that find problems and report them; it can "find" as many problems as there is staff time to deal with.
Producer and Means of Production: CSS HQ runs RT reports that count tickets.
Published At: QR
Other Notes: Net-Security is another example of a once-hot incident type that is now fading in importance but won't go away.

What We'd Like to Add

1. The real business of ITSS is "Incident Response". The kinds of incidents keep changing over the years, with the old ones never quite disappearing but definitely growing passé. ITSS is very involved in helping to reduce MIT's risk of exposure in the event of data spills or other incidents. In incident response, the existing team is flat out; more incidents just increase the backlog. Tim's judgement is that there will never be more staff. ITSS can find as many security problems to work on as there are staff to do it, so the role of metrics in guiding the business is limited.
That said, metrics about data spill-like incidents would include these measures for each kind of incident:

- N of incidents per time – these occur without warning.

- % backlog (N of tickets currently in backlog for analysis; can measure wait, dwell time, etc.). Tom Jagatic does the analysis for data spills; each takes about 40 hours. Others work on Net-Security, StopIT and DMCA.

- Type of risk exposure (SSN, credit card #s, accounts and passwords…)

- Size of exposure (N of records, etc.)

- Finding type – no breach, breach + notification, etc.

- Attack type – malware, password sniffer, sniffer that looks only for bank accounts and passwords

It is not currently possible to measure these easily with the existing tools.
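The volume, backlog and dwell-time measures described above can be computed from a per-ticket export even when the ticketing tool has no built-in report for them. The following is an added example, not part of this page or of the RT reports CSS HQ runs: it works over a constructed list of ticket records, and the field names (queue, created, resolved) are assumptions that do not mirror RT's actual export schema. Queue names are matched exactly, so DMCA::Referrals is kept out of the DMCA count as the page requires.

```python
"""Incident metrics (counts per quarter, backlog, dwell time) over an RT-style ticket export.

Added example for the ITSS metrics page. The records below are constructed and the
field names are assumptions, not RT's real export format.
"""
from collections import Counter
from datetime import datetime

# Constructed sample export: one record per ticket, resolved=None when still open.
TICKETS = [
    {"id": 1, "queue": "DMCA", "created": "2024-01-10", "resolved": "2024-01-12"},
    {"id": 2, "queue": "DMCA", "created": "2024-02-03", "resolved": "2024-02-04"},
    {"id": 3, "queue": "DMCA", "created": "2024-04-15", "resolved": None},
    {"id": 4, "queue": "StopIT", "created": "2024-03-20", "resolved": "2024-03-27"},
    {"id": 5, "queue": "Security", "created": "2024-02-14", "resolved": "2024-02-21"},
    {"id": 6, "queue": "Security", "created": "2024-05-02", "resolved": None},
    {"id": 7, "queue": "Security", "created": "2024-05-20", "resolved": "2024-06-01"},
    {"id": 8, "queue": "DMCA::Referrals", "created": "2024-05-21", "resolved": None},
]


def _parse(value):
    """Parse an ISO date string; None stays None (ticket still open)."""
    return datetime.strptime(value, "%Y-%m-%d") if value else None


def quarter(day):
    """Label a date with its calendar quarter, e.g. '2024Q1' (matches the QR cadence)."""
    return f"{day.year}Q{(day.month - 1) // 3 + 1}"


def counts_per_quarter(tickets, queue):
    """N of incidents per time: tickets received into `queue`, grouped by quarter.

    Exact queue match, so 'DMCA::Referrals' is not folded into 'DMCA'.
    """
    counts = Counter()
    for t in tickets:
        if t["queue"] == queue:
            counts[quarter(_parse(t["created"]))] += 1
    return dict(sorted(counts.items()))


def backlog(tickets, queue, as_of):
    """Tickets in `queue` open on the as_of date, each with its wait so far in days."""
    cutoff = _parse(as_of)
    waiting = []
    for t in tickets:
        if t["queue"] != queue:
            continue
        created, resolved = _parse(t["created"]), _parse(t["resolved"])
        # Open on the cutoff date: already created, and not yet resolved at that point.
        if created <= cutoff and (resolved is None or resolved > cutoff):
            waiting.append((t["id"], (cutoff - created).days))
    return waiting


def backlog_percent(tickets, queue, as_of):
    """% backlog: open tickets as a share of all tickets received into the queue by as_of."""
    cutoff = _parse(as_of)
    received = sum(1 for t in tickets
                   if t["queue"] == queue and _parse(t["created"]) <= cutoff)
    if received == 0:
        return 0.0
    return round(100.0 * len(backlog(tickets, queue, as_of)) / received, 1)


def mean_dwell_days(tickets, queue):
    """Average created-to-resolved time for closed tickets; None if nothing has closed yet."""
    durations = [
        (_parse(t["resolved"]) - _parse(t["created"])).days
        for t in tickets
        if t["queue"] == queue and t["resolved"] is not None
    ]
    return sum(durations) / len(durations) if durations else None


if __name__ == "__main__":
    for q in ("DMCA", "StopIT", "Security"):
        print(q, counts_per_quarter(TICKETS, q),
              "backlog", backlog(TICKETS, q, "2024-05-25"),
              "backlog %", backlog_percent(TICKETS, q, "2024-05-25"),
              "mean dwell", mean_dwell_days(TICKETS, q))
```

The backlog is evaluated as of a chosen date rather than "now" so the same export can reproduce a past quarter's figure; a ticket that closed after the cutoff still counts as open for that quarter.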
