Gartner Blog Network

Category: 'standards' Blog Posts

from the Gartner Blog Network

On Threat Intelligence Management Platforms

by Anton Chuvakin  |  March 31, 2014

I was writing this post on threat intelligence (TI) management platform requirements (TIMP? Do we need another acronym?), and I really struggled with it since most such information I have...

Read more »

The Myth of EMV

by French Caldwell  |  March 25, 2014


Read more »

Briefly On PCI DSS 3.0

by Anton Chuvakin  |  November 8, 2013

So I’ve been sleeping on my copy of PCI DSS 3.0 for a few weeks already and now that it is finally public, I am ready to comment on it...

Read more »

Our Security Data Sharing Paper Publishes

by Anton Chuvakin  |  June 19, 2013

It's with great excitement that I announce the publication of our paper “Information Sharing as an Industry Imperative to Improve Security.” It took a lot of research and a lot...

Read more »

Our Log Standards Paper Publishes

by Anton Chuvakin  |  December 11, 2012

Recently I updated a paper originally written by Dan Blum called “Event and Log Information: A Strong Case for Standards” and it just got posted to the site: “A deficit...

Read more »

Time to Stop Misusing SSAE 16 in Vendor Marketing

by French Caldwell  |  October 9, 2012

Some vendors and their auditors appear to be misusing SSAE 16 the same as they did SAS 70. For example, today I saw an announcement from security vendor Prolexic with...

Read more »

On “Output-driven” SIEM

by Anton Chuvakin  |  September 24, 2012

Here is a great term I picked from another SIEM literati: “output-driven SIEM.” This simply means deploying your security information and event management tool in such a way that NOTHING...

Read more »

CEE Log Standard Guide for the Community

by Anton Chuvakin  |  October 1, 2011

As esteemed readers of my “old”, personal blog know, I am a bit of a log fanatic. And my log fanaticism raises to a fevered pitch in the area of...

Read more »

SOA.. and the data is still hard

by Dan Sholler  |  January 15, 2009

I have recently been inundated with questions about the design of message formats. While these questions vary from techniques for XML extensibility to issues about how to create common elements...

Read more »

Where is Waldo? Or more precisely, where is WS-*?

by Dan Sholler  |  October 22, 2008

Our SOA surveys show that the vast majority of services in production today (over 80%) are WS-* services. This means that they have a WSDL descriptor, and at least in...

Read more »