Tag Archives: information sharing

Creating Risk Management Metrics that Matter

Ed Bellis    March 10, 2017

As a security team, you are what you measure. The problem is that too many security teams are tracking vulnerabilities, not measuring risk. This post examines how vital it is for security teams to establish risk-based metrics, offering examples of both the right and wrong measures to use. The paper then looks at the key steps to building risk management…

Clash of the Titans: How InfoSec and Remediation Teams Can Finally Get Along

Ed Bellis    October 26, 2016

Why the bad blood between InfoSec and Remediation teams? The reality is, they need each other. They just don’t always work alongside each other, or use the same metrics, or see things the same way, or…well, let’s just say there’s a lot of baggage there.

Why We Can’t All Just Get Along

Within many organizations, security teams and remediation teams…

If I Told You, I’d Have To Kill You

Ed Bellis    June 11, 2012

I’ve been talking a lot about information sharing within information security lately. Most recently at the ISSA CISO Summit in Denver. The presentation covers some of the new school of information security and walks through a few use cases on data-driven security. Sadly this past week has reminded how much “old school” is still being practiced. We saw a lot…

Losing Our Religion

Ed Bellis    January 16, 2012

An article in the Wall Street Journal last week caught my eye. After being teased into thinking the feds may be going new school a few weeks back, I am tempted to think this move by the banks might truly be. Having spent some time in my career in this world, I can vouch that this is actually a pretty…

Are The Feds Going New School?

Ed Bellis    December 1, 2011

Probably not… As much as the headlines of a new bill in Washington grabbed my interest with a twinkle of hope, it turns out in some ways this may be a step away from a new wave of information sharing. It appears to promote information sharing regarding security breaches between the private sector and the government by blanketing companies with…