Tuesday, October 11, 2005

SecurityMetrics Documents Security Cycles

Andrew Jaquith of SecurityMetrics.org posted an interesting story called Hamster Wheels of Pain. It's a follow-up to an earlier article. I think the present story is cool because Andrew collected and posted the security process "wheels" of 11 security vendors.

I recognize Foundstone's in there, shown as a thumbnail at left.

I think Andrew is a little too cynical regarding some of these process charts. Some are used to sell products, and often reflect vendor biases. Others are just ways to break the security problem down into manageable chunks.

I use the diagram at right in my classes to emphasize the traffic-centric approach I take to network security operations. Does this make me bad? I doubt it.


Stiennon said...

Ha! I have been saving the "circle diagrams" as well. I have 5 that Andrew does not. I should post them.

Anonymous said...
This comment has been removed by a blog administrator.