IT Security Metrics: A Practical Framework for Measuring Security & Protecting Data by Lance Hayden

By Lance Hayden

Implement an Effective Security Metrics Project or Program

IT Security Metrics provides a comprehensive approach to measuring risks, threats, operational activities, and the effectiveness of data protection in your organization. The book explains how to choose and design effective measurement strategies and addresses the data requirements of those strategies. The Security Process Management Framework is introduced, and analytical strategies for security metrics data are discussed. You'll learn how to take a security metrics program and adapt it to a variety of organizational contexts to achieve continuous security improvement over time. Real-world examples of security measurement projects are included in this definitive guide.

  • Define security metrics as a manageable amount of usable data
  • Design effective security metrics
  • Understand quantitative and qualitative data, data sources, and collection and normalization methods
  • Implement a programmable approach to security using the Security Process Management Framework
  • Analyze security metrics data using quantitative and qualitative methods
  • Design a security measurement project for operational analysis of security metrics
  • Measure security operations, compliance, cost and value, and people, organizations, and culture
  • Manage groups of security measurement projects using the Security Improvement Program
  • Apply organizational learning methods to security metrics


Similar organization and data processing books

Languages and Compilers for Parallel Computing: 10th International Workshop, LCPC'97 Minneapolis, Minnesota, USA, August 7–9, 1997 Proceedings

This book constitutes the thoroughly refereed post-workshop proceedings of the 10th International Workshop on Languages and Compilers for Parallel Computing, LCPC'97, held in Minneapolis, Minnesota, USA, in August 1997. The book presents 28 revised full papers together with 4 posters; all papers were carefully selected for presentation at the workshop and went through a thorough reviewing and revision phase afterwards.

Cloud Computing: Web-basierte dynamische IT-Services (Informatik im Fokus) (German Edition)

As an Internet service, cloud computing enables the provisioning and use of IT infrastructure, platforms, and applications. Only the amount of resources currently required is provided and billed at any given time. In this book the authors give an overview of cloud computing architecture, its applications, and its development.

Data Management in a Connected World: Essays Dedicated to Hartmut Wedekind on the Occasion of His 70th Birthday

Data management systems play the most crucial role in building large application systems. Since modern applications are no longer single monolithic software blocks but highly flexible and configurable collections of cooperative services, the data management layer also has to adapt to these new requirements.

Additional info for IT Security Metrics: A Practical Framework for Measuring Security & Protecting Data (Networking & Communication - OMG)

Sample text

Instead, risk is usually bundled into some combination with other generalized issues of threats, vulnerabilities, and parameters that are often equally imprecise until we are left with a fuzzy concept that can change across organizations and implementations. This makes risk difficult to measure consistently in security, and it doesn’t help that many vendors confuse the meaning of the term or misuse it when they try to sell their security products and services. IT security’s approach to risk can reflect the relative immaturity of the industry and our responses to the professional challenges we face.

Probabilities

I am certainly not the first to critique ALE as a security metric, and it surprises me how the formula continues to gain and maintain acceptance as an IT security standard by professionals who should know better. Like general matrix-based risk assessments, ALE relies on data that is often completely fabricated. This is reflected in its name, which implies human expectations. If it were called Annual Loss Probability, the formula would at least imply that the results were based on more concrete data.

I believe not only that nonquantitative approaches to measurement are possible in our world, but that they are necessary and vital, because security is inherently a social process as much as a technical one. The debate between the merits of quantitative and qualitative research and, more generally, between those of the hard sciences and the social sciences, has been ongoing for decades and is well beyond the scope of this book. I must respectfully disagree with those in the security metrics field who discount nonquantitative metrics out of hand.
