Data, Data, Everywhere
Sunday, February 21, 2010 at 01:42AM Suppose your security system chooses 10,000 controls (vulnerability checks, scripts, signatures, etc -- pick your preferred terminology) that can be applied to some example asset (a server, executive laptop, or whatever). That number could be smaller or it could be larger depending on the system but let’s say that 10,000 is the count after filtering out those controls that don’t apply (e.g., there’s no Apache server on that Windows 7 laptop).
Now, suppose that each control returns 100 characters of evidence data. That means you have 1,000,000 characters of data for one full assessment of one system. You are going to store those data in Unicode format because our company is international and hence so are our evidence data. That turns our 1,000,000 characters into 2,000,000 bytes of data.
The original story was on the M2GRC blog: http://m2grc.com/2010/01/18/data-data-everywhere/
The full article can also be found here. :)
compliance, risk, security 