Friday, December 2, 2011

A New Breed of Security Attributes for Our Time

I've been on the subject of grid and Smart Grid security measurement and metrics now for quite a while, and all around are signs that we're making slow but steady progress.

In Jack Danahy's latest mega-post on security from an industry perspective, you'll find a call to substantially overhaul the way security practitioners do business, with an emphasis on, among other things, measurement:
We should be able to describe how much time and money is spent to prevent the introduction of vulnerabilities vs. preventing the exploit of vulnerabilities vs. preventing the release of private information. We should be able to point to the documented practices in place to remediate vulnerabilities that are found, or to interrupt exploits in process, or to clean-up after a breach has occurred. In order to justify the strategic importance of security we must take a fresh look at the criteria by which we judge and measure it.
Warning: this material is not for the meek or groggy. Make sure you've got your got your thinking cap on straight before digging into the full post, HERE.

And note: this isn't the first time Jack has summoned the Parkerian Hexad. He took his first electric sector-specific run at it on a year and a half ago, HERE.

Image credit: