This talk presents two main contributions: (1) Definitions and calculations of operational security metrics. The metrics are designed to represent security exposure, business value, security risk, and mitigation priority of data and services on networked hosts in IT infrastructures. (2) A hierarchical data visualization paradigm that enables a user to quickly understand the essence of these metrics and take appropriate mitigation actions. This paradigm scales to environments of multiple hundreds of network devices and tens of thousands of hosts. Both of these contributions are implemented and successfully deployed in a wide variety of environments, including financial organizations, utilities, universities and manufacturing.
Gates 4B (opposite 490)