Measuring the software assurance of a product as it functions within a specific system context involves assembling carefully chosen metrics that demonstrate a range of behaviors to establish confidence that the product functions as intended and is free of vulnerabilities. The first challenge is to establish that the requirements define the appropriate
Topic: Cybersecurity Metrics
The National Institute of Standards and Technology Software Assurance Metrics and Tool Evaluation team conducts research in static analysis tools that find security-relevant weaknesses in source code. This article discusses our experiences with Static Analysis Tool Expositions (SATEs) and how we are using that experience to plan SATE VI. Specifically, we
WikiLeaks published a trove of purported CIA files this week, renewing debate over government hacking and surveillance techniques. But many experts say the anti-secrecy group’s analysis of the data may have been intentionally misleading.
Cyber-insurance is an insurance product used to protect businesses from Internet-based risks, and more generally from risks relating to information technology infrastructure and activities. Risks of this nature are typically excluded from traditional commercial general liability policies. Coverages provided by cyber-insurance policies may include
The Cyber Security Metrics Workshop is a one-day review of current trends in policy, tools and techniques that are of interest to managers and Cyber Security professionals and useful in measuring one's cyber security vulnerability. The workshop provides an overview of the current state of understanding of what is presently available and will focus on what research needs
Cyber security metrics often focus on compliance and exposure to risk based on factors such as number of attack vectors and duration of exposure to vulnerabilities. Based on trends published in reports such as the Verizon DBIR of 2013, current cyber security metrics practice needs to improve in order to detect cyber-attacks quickly and drive business action.
The need and desire for metrics on cybersecurity has been a priority request from OSD leadership for ten years. When “cyber” became a quasi-official warfighting “domain” a decade ago, major programs of record were categorized as “cyber” programs. As such, the programs needed quantitative program parameters so that DoD leadership could track financial
Adoption of cloud computing requires a thorough understanding of its purpose, characteristics, underlying technologies, service models, and the standards that govern its deployment. This webinar will discuss the fundamental features of cloud computing, service models, deployment models, business models, and provide a brief overview of major providers.