Security Metrics: What is a "Metric"?

by Marcus J. Ranum on March 13, 2014

In this blog series on SecurityWeek, Tenable CSO Marcus Ranum advises security professionals on how they can create and share metrics in their jobs. These metrics can create better understanding and awareness about the success of their approaches, as well as allow them to build support for programs and funding requests.

There are many important and useful tools related to the metrics landscape; let's take a look at some of them and how they fit together. For the sake of this discussion, I'll stick with the definition of “metrics” that I offered previously:

Taking Nessus Perimeter Service to the Next Level

by Jeffrey Man on March 11, 2014

There are several organizations that fit the mold of having just one Nessus scanner. The fact that they own and operate just one scanner is fantastic; it means they have the capability to discover vulnerabilities in their environment and, for most small to mid-sized companies, can perform internal scans on a regular basis and react to the results.

Nessus Perimeter Service Wins Global Excellence Award for PCI Compliance

by Jeffrey Man on March 7, 2014

Tenable Network Security was recognized at the 10th Annual Info Security Industry’s Global Excellence Awards dinner held last week in San Francisco. Nessus®/Nessus Perimeter Service™ received a Global Excellence Award in the PCI Compliance Category. The Info Security Products Guide recognizes that over two-thirds of all PCI-Certified Approved Scanning Vendors (ASV) use Nessus, making Nessus the preferred vulnerability scanning solution for those companies that provide compliance validation services.

Critical Systems Security – Questions and Answers from SANS

by David Schreiber on February 26, 2014

The challenges of control systems security have been highlighted publicly once again with the release of the NIST Cybersecurity Framework earlier this month. Further evidence of the need for improvements in how utilities and other critical infrastructure operators address cybersecurity was brought to light by ICS-CERT's Q4 2013 report on incident response activity.