Fancy a manual code walk-through? Well, some assistance never hurt...
I leveraged AWS X-Ray to simplify understanding the sources and sinks. Did it work? Yes. Is it for anything other than microservices (e.g., ERP / EHR / EMR, trading, AI)? Not really.
Wednesday, September 19, 2018
Monday, August 15, 2016
Loss Expectancy & InfoSec Metrics
So when looking to make single / annual loss expectancy (SLE / ALE) as subjective as possible, it helps to have some metrics (i.e., KPIs / KRIs).
While vulnerability scanning / DAST / SAST / pen test findings can help, the best examples are from either honeypots or via red team exercises, to include: social engineering, phishing, whaling, and / or compromised digital assets.
Such metrics will help with providing the (estimated) annual rate of occurrence (ARO) needed to determine the ALE, where SLE * ARO = ALE.
Finally, while subjective, annual net sales / days of expected outage always helps with determining the SLE for ERP / EMR / EHR / ICS / CRM / SFA systems.