Pragmatic security metrics. (2016)
- Record Type:
- Book
- Title:
- Pragmatic security metrics. (2016)
- Main Title:
- Pragmatic security metrics
- Further Information:
- Note: W. Krag Brotby and Gary Hinson.
- Other Names:
- Brotby, W. Krag
Hinson, Gary
- Contents:
- Introduction; Why Have We Written This Book?; What’s Different about This Metrics Book?; Who Are We Writing This For?; Who Are We?; Krag Brotby; Gary Hinson; What We’ll Be Talking About; Defining Our Terminology; What We Expect of You, the Reader; Summary
- Why Measure Information Security?; To Answer Awkward Management Questions; To Improve Information Security, Systematically; For Strategic, Tactical, and Operational Reasons; For Compliance and Assurance Purposes; To Fill the Vacuum Caused by Our Inability to Measure Security; To Support the Information Security Manager; For Profit!; For Various Other Reasons; Summary
- The Art and Science of Security Metrics; Metrology, the Science of Measurement; Governance and Management Metrics; Information Security Metrics; Financial Metrics (for Information Security); (Information Security) Risk Management Metrics; Software Quality (and Security) Metrics; Information Security Metrics Reference Sources; Douglas Hubbard "How to Measure Anything" (Hubbard 2010); Andrew Jaquith: Security Metrics (Jaquith 2007); NIST SP 800-55: Performance Measurement Guide for Information Security (NIST 2008); Debra Herrmann: Complete Guide to Security and Privacy Metrics (Herrmann 2007); Krag Brotby: Information Security Management Metrics (Brotby 2009a); Lance Hayden: IT Security Metrics (Hayden 2010); Caroline Wong "Security Metrics: A Beginner’s Guide" (Wong 2012); ISO/IEC 27004: Information Security Management–Measurement (ISO/IEC 27004 2009); 3.7.9 CIS Security Metrics (CIS 2010); ISACA; Specifying Metrics; Metrics Catalogs and a Serious Warning About SMD; Other (Information Security) Metrics Resources; Summary
- Audiences for Security Metrics; Metrics Audiences Within the Organization; Senior Management; Middle and Junior Management; Security Operations; Others with Interest in Information Security; Metrics Audiences From Without the Organization; Summary
- Finding Candidate Metrics; Preexisting/Current Information Security Metrics; Other Corporate Metrics; Metrics Used in Other Fields and Organizations; Information Security Metrics Reference Sources; Other Sources of Inspiration for Security Metrics; Security Surveys; Vendor Reports and White Papers; Security Software; Roll-Your-Own Metrics; Metrics Supply and Demand; Summary
- Metametrics and the PRAGMATIC Approach; Metametrics; Selecting Information Security Metrics; PRAGMATIC Criteria; 6.3.1 P = Predictive; 6.3.2 R = Relevant; 6.3.3 A = Actionable; 6.3.4 G = Genuine; 6.3.5 M = Meaningful; 6.3.6 A = Accurate; 6.3.7 T = Timely; 6.3.8 I = Independent; 6.3.9 C = Cost; Scoring Information Security Metrics against the PRAGMATIC Criteria; Other Uses for PRAGMATIC Metametrics; Classifying Information Security Metrics; 6.6.1 Strategic/Managerial/Operational (SMO) Metrics Classification; 6.6.2 Risk/Control Metrics Classification; 6.6.3 Input–Process–Output (Outcome) Metrics Classification; 6.6.4 Effectiveness and Efficiency Metrics Classification; 6.6.5 Maturity Metrics Classification; 6.6.6 Directness Metrics Classification; 6.6.7 Robustness Metrics Classification; 6.6.8 Readiness Metrics Classification; 6.6.9 Policy/Practice Metrics Classification; Summary
- 150+ Example Security Metrics; Information Security Risk Management Example Metrics; Information Security Policy Example Metrics; Security Governance, Management, and Organization Example Metrics; Information Security Financial Management Metrics; Information Security Control-Related Metrics; Metrics for Business Alignment and Relevance of Controls; Control Monitoring and Testing Metrics; Financial Information Security Metrics; Information Asset Management Example Metrics; Human Resources Security Example Metrics; Physical Security Examples; IT Security Metric Examples; Access Control Example Metrics; Software Security Example Metrics; Incident Management Example Metrics; Business Continuity Management Examples; Compliance and Assurance Metrics Examples; Summary
- Designing PRAGMATIC Security Measurement System; Brief History of Information Security Metrics; Taking Systems Approach to Metrics; Information Security Measurement System Lifecycle; Summary
- Advanced Information Security Metrics; High-Reliability Metrics; Indicators and Proxies; Key Indicators; Key Goal Indicators (KGIs); Key Performance Indicators (KPIs); Key Risk Indicators (KRIs); Critical Success Factors (CSFs); Targets, Hurdles, Yardsticks, Goals, Objectives, Benchmarks, and Triggers; Summary
- Downsides of Metrics; Numbers Don’t Always Tell the Whole Story; Scoring Political Points through Metrics; Implausible Deniability; Metrics Gaps; On Being Good Enough; What Not to Measure; Summary
- Using PRAGMATIC Metrics in Practice; Gathering Raw Data; Sampling; Automated Data Sources; Observations, Surveys, and Interviews; Online or In-Person Surveys; Scoring Scales; Audits, Reviews, and Studies; Data Analysis and Statistics; Data Presentation; General Considerations; Analytical Tools and Techniques; Reporting Tools and Techniques; Presentational Tools and Techniques; Graphs, Figures, Diagrams, and Illustrations; Drawing Attention to Specific Issues; Using, Reacting to, and Responding to Metrics; Periodic versus Event-Driven Reporting; Summary
- Case Study; The Context: Acme Enterprises, Inc; Information Security Metrics for C-Suite; Information Security Metrics for the CEO; Information Security Metrics for the CIO; Information Security Metrics for the CISO; Information Security Metrics for the CFO; Information Security Metrics for the VP of Production; Information Security Metrics for the VP of Marketing; Information Security Metrics for Management and Operations; Information Security Metrics for External Stakeholders; Acme’s Information Security Measurement System
- Publisher Details:
- Place of publication not identified : Auerbach Publications
- Publication Date:
- 2016
- Extent:
- 1 online resource, illustrations
- Subjects:
- 658.478
Computer security -- Standards
Business enterprises -- Computer networks -- Security measures
- Languages:
- English
- ISBNs:
- 9781439881538
1439881537
- Access Rights:
- Legal Deposit; Only available on premises controlled by the deposit library and to one user at any one time; The Legal Deposit Libraries (Non-Print Works) Regulations (UK).
- Access Usage:
- Restricted: Printing from this resource is governed by The Legal Deposit Libraries (Non-Print Works) Regulations (UK) and UK copyright law currently in force.
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library HMNTS - ELD.DS.143377
- Ingest File:
- 02_066.xml