RSA 2012 #2: Security IQ

Submitted by Ofer Shezaf on 23 February 2012 - 10:34pm

My second call for action for 2012, following security cloudification, and this time one I think will not be met, is for a standard measurement of security intelligence; call it Security IQ. Security intelligence is hailed as the next big thing in information security, and rightfully so. As a result, the question of how to evaluate the quality of this intelligence becomes important. This is true for in-house security intelligence, and even more so when we outsource our security intelligence. As discussed in “Black Cats, White Cats”, blacklisting controls such as intrusion prevention systems and anti-virus software transfer the responsibility for security intelligence to the vendor, leaving the customer at the mercy of smart marketing people. This raises the need for a standard, society-wide metric for measuring the quality of security intelligence.


At OWASP USA AppSec in New York in 2008, I presented an analysis of the Web Hacking Incidents Database project, which I founded and led at the time. Based on that data, I tried to assess the real application security risks an organization faces, focusing on a comparison with the picture portrayed by the OWASP Top 10.

You can watch the video below or read the slides here.