Data Driven Security

Presentation

Download the presentation and listen to the podcast given at RSA Conference 2013 Europe on October 30, 2013.

Participate in this Project

Participate in the community of infosec leaders developing, using and sharing real-world metrics for their security programs.


About This Project

The goal of the Data Driven Security project is to collect examples and implementation guidelines for information security metrics and to make them available to a broad audience. The focus is on metrics that have been proven to work in practice, because they make use of data points that are readily available for their measurements and because they provide valid and intuitive information on the state of a security program that can be understood by professionals outside of information security.

Survey of Field-Proven Information Security Metrics
Metrics
Internet Explorer Patch Half-Life from September 2013 Patch Tuesday

Published Date: October 30, 2013
Metric #1: Vulnerability Half-Life

First defined as a metric in 2003, half-life is the time interval needed to reduce the occurrence of a vulnerability by half. When first measured, the average half-life was around 30 days. The duration of the interval varies by industry sector, with clear distinctions for example between finance and manufacturing. Another influencing factor is the application class: applications that offer a structured update mechanism are typically found on the leading edge of the half-life metric. The vulnerability half-life data is drawn from the more than 800 million scans Qualys performs each year.
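A worked example of computing the metric as defined above, added here and not part of the project's published material or of Qualys's own method: given per-scan counts of hosts still vulnerable (constructed sample data with a roughly 30-day decay), it estimates the half-life both directly, as the first crossing of the halfway point, and by a log-linear fit over all scans, which is less sensitive to a single noisy scan.

```python
"""Estimate vulnerability half-life from periodic scan counts (added example)."""
import math

# Constructed sample: (days since patch release, hosts still vulnerable).
# Generated from a ~30-day half-life; not real scan data.
SAMPLE_SCANS = [(0, 1000), (7, 851), (14, 724), (21, 616),
                (28, 524), (35, 445), (42, 379)]


def half_life_observed(scans):
    """Days until the vulnerable population first drops to half the initial count.

    Linearly interpolates between the two scans that bracket the halfway point.
    Returns None if the population never reached half within the observations.
    """
    scans = sorted(scans)
    t0, n0 = scans[0]
    target = n0 / 2
    for (t_prev, n_prev), (t, n) in zip(scans, scans[1:]):
        if n <= target:
            frac = (n_prev - target) / (n_prev - n)  # position between the two scans
            return (t_prev - t0) + frac * (t - t_prev)
    return None


def half_life_fitted(scans):
    """Least-squares fit of ln(count) = a + b*t; half-life = -ln 2 / b.

    Uses every scan with a non-zero count. Returns None when the population
    is not shrinking (slope >= 0), since a half-life is then undefined.
    """
    pts = [(float(t), math.log(n)) for t, n in scans if n > 0]
    if len(pts) < 2:
        raise ValueError("need at least two scans with vulnerable hosts")
    t_mean = sum(t for t, _ in pts) / len(pts)
    y_mean = sum(y for _, y in pts) / len(pts)
    sxy = sum((t - t_mean) * (y - y_mean) for t, y in pts)
    sxx = sum((t - t_mean) ** 2 for t, _ in pts)
    slope = sxy / sxx
    if slope >= 0:
        return None
    return -math.log(2) / slope


if __name__ == "__main__":
    print(f"observed half-life: {half_life_observed(SAMPLE_SCANS):.1f} days")
    print(f"fitted half-life:   {half_life_fitted(SAMPLE_SCANS):.1f} days")
```

Feeding the two estimators per industry sector or per application class reproduces the comparisons the metric description mentions.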

Metric #2: TBD

Additional metrics will be added as they are defined by project participants.