What We'd Like to Add

1. The real business of ITSS is "Incident Response" – the kinds of incidents keep changing over the years, with the old ones never quite disappearing but definitely growing passé. ITSS is very involved in helping to reduce MIT's risk of exposure in the event of data spills or other incidents. In incident response, the existing team is flat out; more incidents just increase the backlog. Tim's judgement is that there will never be more staff. ITSS can find as many security problems to work on as there are staff to do it. The role of metrics in guiding the business is therefore limited.
That said, metrics about data spill-like incidents would include these measures for each kind of incident:

- N of incidents per time – these occur without warning.

- % backlog (N of tickets currently in backlog for analysis; can measure wait, dwell time, etc.). Tom Jagatic does the analysis for data spills; each takes about 40 hours. Others work on Net-Security, StopIT and DMCA.

- Type of risk exposure (SSN, credit card #s, accounts and passwords…)

- Size of exposure (n of records, etc.)

- Finding type – no breach, breach + notification, etc.

- Attack type – malware, password sniffer, sniffer that looks only for bank accounts and passwords

It is not currently possible to measure these easily with existing tools.
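To make the measures above concrete, here is an added example (not from the ITSS notes, and not an existing ITSS tool) that computes each of the listed metrics from a small set of constructed tickets. The ticket fields (`kind`, `opened`, `analysis_started`, `closed`, `exposure`, `records`, `finding`, `attack`) and the sample data are assumptions for illustration; the 40-hour figure per data-spill analysis is the one stated in the notes. Wait time is taken as opened-to-analysis-started (or to now, if analysis has not begun), and age as opened-to-now for tickets still in the backlog.

```python
from collections import Counter, defaultdict
from datetime import datetime
from statistics import mean

# Constructed sample tickets for illustration only; not real ITSS data.
# "analysis_started" / "closed" are None while a ticket sits in the backlog.
TICKETS = [
    {"id": "T-0", "kind": "data spill", "opened": "2024-02-20T10:00",
     "analysis_started": "2024-02-21T10:00", "closed": "2024-02-26T10:00",
     "exposure": "SSN", "records": 10, "finding": "no breach", "attack": "malware"},
    {"id": "T-1", "kind": "data spill", "opened": "2024-03-01T09:00",
     "analysis_started": "2024-03-02T09:00", "closed": "2024-03-07T09:00",
     "exposure": "SSN", "records": 1200, "finding": "breach + notification", "attack": "malware"},
    {"id": "T-2", "kind": "data spill", "opened": "2024-03-05T14:00",
     "analysis_started": "2024-03-06T14:00", "closed": "2024-03-11T14:00",
     "exposure": "credit card", "records": 300, "finding": "no breach", "attack": "password sniffer"},
    {"id": "T-3", "kind": "data spill", "opened": "2024-03-20T08:00",
     "analysis_started": "2024-03-22T08:00", "closed": None,
     "exposure": "accounts and passwords", "records": 50, "finding": None, "attack": "password sniffer"},
    {"id": "T-4", "kind": "data spill", "opened": "2024-03-28T12:00",
     "analysis_started": None, "closed": None,
     "exposure": "SSN", "records": 4000, "finding": None, "attack": "malware"},
    {"id": "T-5", "kind": "DMCA", "opened": "2024-03-15T10:00",
     "analysis_started": "2024-03-15T10:00", "closed": "2024-03-15T12:00",
     "exposure": None, "records": 0, "finding": "notice forwarded", "attack": None},
]
NOW = datetime.fromisoformat("2024-03-31T12:00")  # constructed "current time"
HOURS_PER_DATA_SPILL = 40  # analyst effort per data-spill case, as stated in the notes


def _ts(value):
    return datetime.fromisoformat(value) if value else None


def _hours(start, end):
    return (end - start).total_seconds() / 3600


def of_kind(tickets, kind):
    return [t for t in tickets if t["kind"] == kind]


def incidents_per_month(tickets, kind):
    """N of incidents per time: tickets of one kind, counted by opening month."""
    months = Counter(t["opened"][:7] for t in of_kind(tickets, kind))
    return dict(sorted(months.items()))


def backlog_stats(tickets, kind, now=NOW, hours_per_case=HOURS_PER_DATA_SPILL):
    """% backlog plus mean wait before analysis, mean age, and analyst hours outstanding."""
    mine = of_kind(tickets, kind)
    open_ = [t for t in mine if t["closed"] is None]
    if not open_:
        return {"n_backlog": 0, "pct_backlog": 0.0, "mean_wait_h": 0.0,
                "mean_age_h": 0.0, "hours_outstanding": 0}
    waits = [_hours(_ts(t["opened"]), _ts(t["analysis_started"]) or now) for t in open_]
    ages = [_hours(_ts(t["opened"]), now) for t in open_]
    return {
        "n_backlog": len(open_),
        "pct_backlog": round(100 * len(open_) / len(mine), 1),
        "mean_wait_h": round(mean(waits), 1),
        "mean_age_h": round(mean(ages), 1),
        "hours_outstanding": len(open_) * hours_per_case,
    }


def mean_time_to_close(tickets, kind):
    """Dwell time for closed tickets of one kind, in hours (0.0 if none closed)."""
    closed = [t for t in of_kind(tickets, kind) if t["closed"]]
    if not closed:
        return 0.0
    return round(mean([_hours(_ts(t["opened"]), _ts(t["closed"])) for t in closed]), 1)


def breakdown(tickets, kind, field):
    """Counts by exposure type, finding type or attack type; None is reported as 'pending'."""
    return dict(Counter(t[field] or "pending" for t in of_kind(tickets, kind)))


def records_exposed(tickets, kind):
    """Size of exposure: records at risk, summed per exposure type."""
    totals = defaultdict(int)
    for t in of_kind(tickets, kind):
        if t["exposure"]:
            totals[t["exposure"]] += t["records"]
    return dict(totals)


if __name__ == "__main__":
    kind = "data spill"
    print("per month:", incidents_per_month(TICKETS, kind))
    print("backlog:", backlog_stats(TICKETS, kind))
    print("mean hours to close:", mean_time_to_close(TICKETS, kind))
    for field in ("exposure", "finding", "attack"):
        print(field, breakdown(TICKETS, kind, field))
    print("records exposed:", records_exposed(TICKETS, kind))
```

Because the notes say each data-spill analysis takes about 40 hours, `hours_outstanding` turns the backlog count into an estimate of analyst time owed, which is the figure that speaks most directly to the staffing point made above.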