New security metrics discussion group


One of several competing interests that keeps me away from this blog is the new LinkedIn group "Security Metametrics". 

In setting it up as a moderated forum, Krag Brotby and I intend to keep the discussions focused on security metrics, specifically, hopefully excluding the banal and off-topic marketing drivel and job ads that infest other groups, decimating the signal-to-noise ratio (hence you may occasionally catch me referring tongue-in-cheek to "LinkeDin").

It's early days for the group but so far we have introduced both the PRAGMATIC method and the concept of metametrics, and discussed some of the reasons why security metrics are not yet widely used. I have cross-posted a couple of our 'Security Metric of the Week' pieces from the Security Metametrics blog and I am looking forward to your feedback on the example metrics, the PRAGMATIC approach, our book and so forth.

Everyone with a genuine interest in metrics is most welcome to join the group, regardless of background and expertise in this area. We know that many information security professionals are somewhat intimidated by metrics, and even the greybeards among us struggle with this topic. Heck, Krag and I are still struggling with it - we certainly don't have all the answers, not yet anyway!  

Personally, I find it fascinating to be actively engaged in an evolving field of study and research. A small but select bunch of academics and practitioners are quietly pushing back the frontiers. We'd appreciate your help. Information security management has limped along without decent measures for far too long. The time is ripe to up our game.