Archive - November 2000
Measuring Success with Security Metrics
Try to imagine a world without metrics. The temperature would only be “hot” instead of 95° or a project would be “in progress” instead of 75% complete. Metrics provide an effective way to keep track of vital information. They are particularly useful for identifying trends and measuring the progress of activities. When used effectively, security metrics provide a uniform way to make decisions and to measure progress in information security.
Developing a Virtualization Security Policy
Eric Vanderburg
Since many organizations are rapidly virtualizing servers and even desktops, there needs to be direction and guidance from top management in regards to information security. Organizations will need to develop a virtualization security policy that establishes the requirements for securely deploying, migrating, administering, and retiring virtual machines. In this way a proper information security framework can be followed in implementing a secure environment for hosts, virtual machines, and virtual management tools. This article is part two of a series on virtualization. The previous article was titled “Critical security considerations for server virtualization.”
