Information security management metrics : a definitive guide to effective security monitoring and measurement (©2009)
- Record Type:
- Book
- Title:
- Information security management metrics : a definitive guide to effective security monitoring and measurement (©2009)
- Main Title:
- Information security management metrics : a definitive guide to effective security monitoring and measurement
- Further Information:
- Note: W. Krag Brotby.
- Authors:
- Brotby, W. Krag
- Contents:
- Security metrics overview -- Metrics and objectives -- Information security -- IT security -- Other assurance functions -- Stakeholders -- Security metrics -- Security program effectiveness -- Types of metrics -- Information assurance / security metrics classification -- Monitoring vs. metrics -- Current state of security metrics -- Quantitative measures and metrics -- Financial metrics -- Return on investments -- Payback method -- ROI calculation -- NPV -- IRR -- Return on security investment (ROSI) -- SLE and ALE -- ROSI -- A new ROSI model -- A more complex security ROI -- Security attribute evaluation method (SAEM) -- Cost-effectiveness analysis -- Cost-benefit analysis -- Fault tree analysis -- Value at risk (VAR) -- ALE/SLE -- Qualitative security metrics -- Cultural metrics -- Risk management through cultural theory -- The competing values framework -- Organizational structure -- Hybrid approaches -- Systemic security management -- Balanced scorecard -- The SABSA business attributes approach -- Quality metrics -- Six sigma -- ISO 9000 -- Maturity level -- Benchmarking -- Standards -- OCTAVE -- Metrics developments -- Statistical modeling -- Systemic security management -- Value at risk analysis -- Factor analysis of information risk (FAIR) -- Risk factor analysis -- Probabilistic risk assessment (PRA) -- Relevance -- Problem inertia -- Correlating metrics to consequences -- The metrics imperative -- Study of ROSI of security measures -- Resource allocation -- Managing without metrics -- Attributes of good metrics -- Metrics objectives -- Measurement categories -- Effective metrics -- What is being measured? -- Why is it measured? -- Who are the recipients? -- What does it mean? -- What action is required? -- Information security governance -- Security governance outcomes -- Defining security objectives -- Sherwood applied business security architecture (SABSA) -- CobiT -- ISO 27001 -- Capability maturity model -- Current state -- Information security strategy -- Metrics development -- a different approach -- The information security manager -- Activities requiring metrics -- Criticality and sensitivity -- Degree of risk or potential impact -- Risk over time -- Options and cost-effectiveness -- Ranking metrics and monitoring requirements -- Monitoring, measures, or metrics? -- Information security governance metrics -- Strategic security governance decisions -- Strategic security governance decision metrics -- Security governance management decisions -- Strategic direction -- Ensuring objectives are achieved -- Managing risks appropriately -- Using resources responsibly -- Security governance operational decisions -- Information security risk management -- Information security risk management decisions -- Management requirements for information security risk -- Criticality of assets -- Sensitivity of assets -- The nature and magnitude of impacts -- Vulnerabilities -- Threats -- Probability of compromise -- Strategic initiatives and plans -- Acceptable levels of risk and impact -- Information security operational risk metrics -- Information security program development metrics -- Program development management metrics -- Program development operational metrics -- Information security management metrics -- Security management decision support metrics -- Security management decisions -- Strategic alignment -- Risk management -- Metrics for risk management -- Assurance process integration -- Value delivery -- Resource management -- Performance measurement -- Information security management operational decision support metrics -- IT and information security management -- Compliance metrics -- Incident management and response -- Incident management decision support metrics -- Is it actually an incident? -- What kind of incident is it? -- Is it a security incident? -- What is the severity level? -- Are there multiple events and / or impacts? -- Will an incident need triage? -- What is the most effective response? -- What immediate actions must be taken? -- Which incident response teams and other personnel must be mobilized? -- Who must be notified? -- Who is in charge? -- Is it becoming a disaster? -- Conclusions -- Predictive metrics.
- Publisher Details:
- Boca Raton : Auerbach Publications
- Publication Date:
- 2009
- Copyright Date:
- 2009
- Extent:
- 1 online resource (xix, 223 pages), illustrations
- Subjects:
- 658.4/78
Information technology -- Security measures
Computer security
Business enterprises -- Computer networks -- Security measures
Data protection
BUSINESS & ECONOMICS -- Industrial Management
BUSINESS & ECONOMICS -- Management
BUSINESS & ECONOMICS -- Management Science
BUSINESS & ECONOMICS -- Organizational Behavior
Electronic books
- Languages:
- English
- ISBNs:
- 9781420052862
- 1420052861
- Related ISBNs:
- 1420052853
- 9781420052855
- Notes:
- Note: Includes bibliographical references and index.
- Note: Print version record.
- Access Rights:
- Legal Deposit; Only available on premises controlled by the deposit library and to one user at any one time; The Legal Deposit Libraries (Non-Print Works) Regulations (UK).
- Access Usage:
- Restricted: Printing from this resource is governed by The Legal Deposit Libraries (Non-Print Works) Regulations (UK) and UK copyright law currently in force.
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library HMNTS - ELD.DS.149614
- Ingest File:
- 01_059.xml