Book description
Implement an Effective Security Metrics Project or Program
IT Security Metrics provides a comprehensive approach to measuring risks, threats, operational activities, and the effectiveness of data protection in your organization. The book explains how to choose and design effective measurement strategies and addresses the data requirements of those strategies. The Security Process Management Framework is introduced and analytical strategies for security metrics data are discussed. You'll learn how to take a security metrics program and adapt it to a variety of organizational contexts to achieve continuous security improvement over time. Real-world examples of security measurement projects are included in this definitive guide.
- Define security metrics as a manageable amount of usable data
- Design effective security metrics
- Understand quantitative and qualitative data, data sources, and collection and normalization methods
- Implement a programmable approach to security using the Security Process Management Framework
- Analyze security metrics data using quantitative and qualitative methods
- Design a security measurement project for operational analysis of security metrics
- Measure security operations, compliance, cost and value, and people, organizations, and culture
- Manage groups of security measurement projects using the Security Improvement Program
- Apply organizational learning methods to security metrics
Table of contents
- Cover Page
- IT Security Metrics
- Copyright Page
- Contents
- Foreword
- Acknowledgments
- Introduction
- Part I Introducing Security Metrics
  - 1 What Is a Security Metric?
  - 2 Designing Effective Security Metrics
  - 3 Understanding Data
  - Case Study 1: In Search of Enterprise Metrics
- Part II Implementing Security Metrics
  - 4 The Security Process Management Framework
  - 5 Analyzing Security Metrics Data
  - 6 Designing the Security Measurement Project
  - Case Study 2: Normalizing Tool Data in a Security Posture Assessment
- Part III Exploring Security Measurement Projects
  - 7 Measuring Security Operations
  - 8 Measuring Compliance and Conformance
  - 9 Measuring Security Cost and Value
  - 10 Measuring People, Organizations, and Culture
  - Case Study 3: Web Application Vulnerabilities
    - Source Data and Normalization
    - Outcomes, Timelines, Resources
    - Initial Reporting with “Dirty Data”
    - Working with Stakeholders to Perform Data Cleansing
    - Follow-up with Reports and Discussions with Stakeholders
    - Lesson Learned: Fix the Process, and Then Automate
    - Lesson Learned: Don’t Wait for Perfect Data Before Reporting
    - Summary
- Part IV Beyond Security Metrics
  - 11 The Security Improvement Program
  - 12 Learning Security: Different Contexts for Security Process Management
  - Case Study 4: Getting Management Buy-in for the Security Metrics Program
- Index
Product information
- Title: IT Security Metrics: A Practical Framework for Measuring Security & Protecting Data
- Author(s):
- Release date: August 2010
- Publisher(s): McGraw-Hill
- ISBN: 9780071713412