The Digital Security Poverty Line

James TaralaAssurance, Governance, Metrics

Like many information security practitioners, this week marks the return to the office and reflection after attending the annual RSA Conference in San Francisco. Every year there are interesting speakers, some better than others, crazy parties, and a vendor show the size of a small city. And every year I admit I get a little contemplative at the end of … Read More

Critical Security Controls Maturity Model

James TaralaCritical Security Controls, Metrics

One of the projects that we have been thoroughly engaged on at AuditScripts.com has been to work with the Council on Cybersecurity on the Critical Security Controls project. If you haven’t had a chance to see the project, I would strongly recommend that you take a look. The full text can be most easily found at the SANS Institute at … Read More

Steps to Creating a New Metrics Program

James TaralaAssurance, Governance, Metrics

Metrics definitely seem to be a buzz word in information security circles these days. It seems that I can hardly give a presentation or meet with clients without the topic coming up at some point in our discussion. But to be fair, I think these discussions are healthy and I’m glad to see so many people beginning to ask the … Read More