Comment: Migration of unmigrated content due to installation of a new plugin


Name: DMCA Takedown Notices Handled
Definition and Source: Count of tickets received into the DMCA queue in RT.
Current Understanding of Metric: These notices are generated by copyright enforcement consultants representing industries like the RIAA, MPAA, etc., whose works tend to get shared to the world from machines on our network. Volume measures inform questions like "Is the problem getting better or worse?"
Audience: General
Producer and Means of Production: CSS HQ via  runs RT reports that count tickets
Published At: QRs
Other Notes: DMCA::Referrals is not in scope. Should it be?

Name: StopIT requests handled
Definition and Source: Count of tickets received into the StopIT queue in RT.
Current Understanding of Metric: Volume measures inform questions like "Is the problem getting better or worse?"
Audience: General
Producer and Means of Production: CSS HQ via  runs RT reports that count tickets
Published At: QRs
Other Notes: StopIT is an example of an old incident type that never quite dies away but is hardly the main matter anymore in the security space.

Name: Net-Security tickets
Definition and Source: Count of tickets generated into the Security queue in RT.
Current Understanding of Metric: Volume measures inform questions like "Is the problem getting better or worse?" The issue with Security is that it runs processes that find problems and report them; they can "find" as many problems as they have staff time to deal with.
Audience: General
Producer and Means of Production: CSS HQ via  runs RT reports that count tickets
Published At: QRs
Other Notes: Net-Security is another example of a once-hot incident type that is now fading in importance but won't go away.


What We'd Like to Add

1. The real business of ITSS is "Incident Response" – the kinds of incidents keep changing over the years, with the old ones never quite disappearing but definitely growing passé. ITSS is very involved in helping to reduce MIT's risk of exposure in the event of data spills or other incidents. In incident response, the existing team is flat out; more incidents just increase the backlog. Tim's judgement is that there will never be more staff. ITSS can find as many security problems to work on as there are staff to do it. The role of metrics in guiding the business is therefore limited.
That said, metrics about data spill-like incidents would include these measures for each kind of incident:

- N of incidents per time – these occur without warning. 

- % backlog (N of tickets currently in backlog for analysis; can measure wait, dwell time, etc.). Tom Jagatic does the analysis for data spills; each takes about 40 hours. Others work on Net-Security, StopIT and DMCA.

- Type of risk exposure (SSN, credit card #s, accounts and passwords…) 

- Size of exposure (n of records, etc.)

- Finding type – no breach, breach + notification, etc.

- Attack type – malware, password sniffer, sniffer that looks only for bank accounts and passwords

It is not currently possible to measure these easily using existing tools.