ITSS

What We Have

 

| Name | Definition and Source | Current Understanding of Metric | Audience | Producer | Published | Other Notes |
| --- | --- | --- | --- | --- | --- | --- |
| DMCA Takedown Notices Handled | Count of tickets received into the DMCA queue in RT. | These notices are generated by copyright enforcement consultants representing industries like the RCIA, MPAA, etc., whose works tend to get shared to the world from machines on our network. Volume measures inform questions like "Is the problem getting better or worse". | General | CSS HQ via RT reports | QRs | DMCA::Referrals is not in scope. Should it be? |
| StopIT requests handled | Count of tickets received into the StopIT queue in RT. | Volume measures inform questions like "Is the problem getting better or worse". | General | CSS HQ via RT reports | QRs | StopIT is an example of an old issue that never quite dies away but is hardly the main matter anymore in the security space. |
| Net-Security tickets | Count of tickets generated into the Security queue in RT. | Volume measures inform questions like "Is the problem getting better or worse". The issue with Security is that it runs processes that | General | CSS HQ via RT reports | QRs | |

 

 

What We'd Like to Add

1. The real business of ITSS is "Incident Response" – the kinds of incidents keep changing over the years, with the old ones never quite disappearing but definitely growing passé. ITSS is very involved in helping to reduce MIT's risk of exposure in the event of data spills or other incidents. In incident response, the existing team is flat out; more incidents just increase the backlog. Tim's judgement is that there will never be more staff. ITSS can find as many security problems to work on as there are staff to do it. The role of metrics in guiding the business is therefore limited.
That said, metrics about data spill-like incidents would include these measures for each kind of incident:

- N of incidents per time – these occur without warning. 

- % backlog (N of tickets currently in backlog for analysis; can measure wait, dwell time, etc.). Tom Jagatic does the analysis for data spills; each takes about 40 hours. Others work on Net-Security, StopIT and DMCA.

- Type of risk exposure (SSN, credit card #s, accounts and passwords…) 

- Size of exposure (n of records, etc.)

- Finding type – no breach, breach + notification, etc.

- Attack type – malware, password sniffer, sniffer that looks only for bank accounts and passwords

It is not currently possible to measure these easily using existing tools.
