SecurityMetrics Documents Security Cycles
Andrew Jaquith of SecurityMetrics.org posted an interesting story called Hamster Wheels of Pain. It's a follow-up to an earlier article. I think the present story is cool because Andrew collected and posted the security process "wheels" of 11 security vendors.
I recognize Foundstone's in there, shown as a thumbnail at left.
I think Andrew is a little too cynical regarding some of these process charts. Some are used to sell products, and often reflect vendor biases. Others are just ways to break the security problem down into manageable chunks.
I use the diagram at right in my classes to emphasize the traffic-centric approach I take to network security operations. Does this make me bad? I doubt it.
I recognize Foundstone's in there, shown as a thumbnail at left.
I think Andrew is a little too cynical regarding some of these process charts. Some are used to sell products, and often reflect vendor biases. Others are just ways to break the security problem down into manageable chunks.
I use the diagram at right in my classes to emphasize the traffic-centric approach I take to network security operations. Does this make me bad? I doubt it.
Comments