New Benchmarks for Network Risk and Confidential Hot Lines
Wed, 2006-11-22 15:25

Security executives require evidence to justify their risk management investments, and there's a big appetite for more ways to get that evidence.

Two companies say they have heard that plea and unveiled efforts in the last week to make it easier for CSOs and other security execs to measure how they stack up to others in their industries. Both efforts, by Lumeta and The Network, have just begun, and the proponents acknowledge that while they like the data they are producing so far, their projects will grow in value over time, as they analyze new data they collect.

Lumeta's Network Index

Lumeta, a six-year-old spinoff from Bell Labs' research work on an Internet Mapping Project, this week introduced a "network index" designed to identify where the risky hot spots are on a large organization's far-flung networks. The idea is to give senior management an overview of two things: identifying the outlying boundaries of the organization's network, and highlighting areas that need risk mitigation. The index uses four network categories -- topology, access space, leaks and device fingerprints -- and classifies each one as minimal, low, moderate, elevated or high risk. Then it gives a total network risk index score.

An underlying theme behind the need for such an index, says Lumeta CTO David Arbeitel, is that corporate and government networks are infinitely dynamic, so it's tough to keep tabs on everything even with good policies in place. "The key root causes of misaligned network defenses are not technology," Arbeitel says. "There are so many people, so many employees, contractors, outsourcers, it's inevitable that with all that connectivity and devices, [network security] becomes unruly."

The Network's Hotline Benchmark

Security and risk management executives also have clamored for quantitative data that provides evidence of value for confidential hotlines. The Network, a provider of confidential hotlines (think whistleblowers) to both government agencies and the private sector, has launched a benchmark study with research support from the CSO Executive Council, a professional organization for security executives affiliated with CSO, and the Association of Certified Fraud Examiners.

The benchmarking report essentially found that calls to hotlines are not a waste: 65 percent of calls required some kind of follow-up investigation, and 71 percent of the calls reflected information that management didn't know before someone dropped a dime. You can read an article with more of the findings here.

In an interview, Tony Malone, CEO of The Network, notes that while security and risk management executives were interested in such trend data in the past, the advent of corporate compliance regulations such as Sarbanes-Oxley makes them urgent now.

When The Network started selling the hotline services in 1983, Malone says, "People tended to be private" about the use of such services.

The subjects of hotline calls are still sensitive today, but, Malone adds, so is the need to comply with Sarbanes-Oxley and its provisions that require corporations to demonstrate they have controls in place to guard against improper conduct. "That emphasis has caused people to be desirous of looking beyond their own environments," he adds, to compare their experiences using the hotlines with others.

"This report sets the stage to identify emerging best practices for hotlines and other reporting mechanisms, and gives people the ability to assess their program against a benchmark," Malone adds.

-- Michael Goldberg

Reader Feedback
Fri, 2007-05-25 02:25
But other said
By bbw

But other said that the judgement induces common sense, tertium non datur

Mon, 2007-04-30 12:31
Anyway

Anyway I think that the author is right.

Thu, 2007-04-26 22:58
Linguistic

The author has very good linguistic skills

Fri, 2007-04-13 02:41
No

I don't agree with you. Sorry.

Sun, 2007-04-01 10:02
Thanks

Very interesting information. Thanks to the author.

Wed, 2006-11-29 15:06
Is Risk Management working?
By Anonymous

I think everyone wonders if the risk management approaches we use (and people like me teach to undergraduate students) are working. I am working on a research paper in this area and would value input from practitioners.

If you are involved with IT Risk Management, I am hopeful that you will take the time to participate in a survey on risk management practices. I am a doctoral student at Nova Southeastern University (NSU) and this survey is being conducted to support a research project into the factors that are most commonly used in IT risk management and which factors may be used in IT risk management in the future. No personally identifying information will be collected or stored for this research. Only aggregate statistics of the responses will be included in any published results.

The survey is limited to participants who are at least eighteen years of age. You may withdraw from this study at any time by exiting from the survey at any time by closing the web browser being used to answer the survey. The survey will take approximately 10 minutes to complete.

If you are interested in getting a copy of the results of this survey, please send an email with your request to me at mattord@nova.edu and I will send you a link to the final report after the semester is completed. Receiving the link to the results is in no way linked to your planned or actual participation in the survey.

You can link to this survey at http://www.surveymonkey.com/s.asp?u=666192756445

Thanks again, Herb Mattord

Mon, 2006-11-27 18:57
More on LNI
By Anonymous

Here's a link on the Lumeta page that illustrates what the scorecard looks like. It also goes into more detail on LNI.
