Security Metrics: Scorecard Design

Andrew Jaquith · Oct 19, 2005 · 1 min read

Author’s note: the chapter is not finished. It has some organizational and structural flaws that won’t be ironed out until later in the editing process. There are also some parts that need additional fleshing out. However, it should give you a good idea where my head is at.

What does this mean to you? Simple. Since you’ve come to this website, you are by definition someone deeply interested in both measurement and security. I’d like to get your comments and feedback on the manuscript.

The preferred method for giving me feedback is via the wiki. If you’ve got an account on the wiki, you can “mark up” the wiki page itself with your comments. Just put your comments underneath the relevant pages. [Ed: As of early 2013, comments have moved to Disqus, below this page.]

I’m also happy to receive feedback privately via e-mail – especially if you work for an enterprise and would rather keep out of the spotlight.

A minor comment: I would add at least a paragraph for each of those metrics to explain what those are and why they are needed.

Written by Andrew Jaquith
I’m Andrew Jaquith, a Managing Director in financial services. I have worked for JP Morgan Chase and Goldman Sachs. Previously, I was CTO of SilverSky and an analyst with Forrester and Yankee Group. My interests include security and risk, anything data-related, app development, visualization, good writing and spirited discussion.