Security Metrics

Author: Andrew Jaquith
Publisher: Pearson Education
ISBN: 0132715775
Category : Computers
Languages : en
Pages : 356

Book Description
The Definitive Guide to Quantifying, Classifying, and Measuring Enterprise IT Security Operations Security Metrics is the first comprehensive best-practice guide to defining, creating, and utilizing security metrics in the enterprise. Using sample charts, graphics, case studies, and war stories, Yankee Group Security Expert Andrew Jaquith demonstrates exactly how to establish effective metrics based on your organization’s unique requirements. You’ll discover how to quantify hard-to-measure security activities, compile and analyze all relevant data, identify strengths and weaknesses, set cost-effective priorities for improvement, and craft compelling messages for senior management. Security Metrics successfully bridges management’s quantitative viewpoint with the nuts-and-bolts approach typically taken by security professionals. It brings together expert solutions drawn from Jaquith’s extensive consulting work in the software, aerospace, and financial services industries, including new metrics presented nowhere else. You’ll learn how to: • Replace nonstop crisis response with a systematic approach to security improvement • Understand the differences between “good” and “bad” metrics • Measure coverage and control, vulnerability management, password quality, patch latency, benchmark scoring, and business-adjusted risk • Quantify the effectiveness of security acquisition, implementation, and other program activities • Organize, aggregate, and analyze your data to bring out key insights • Use visualization to understand and communicate security issues more clearly • Capture valuable data from firewalls and antivirus logs, third-party auditor reports, and other resources • Implement balanced scorecards that present compact, holistic views of organizational security effectiveness

Measures and Metrics in Corporate Security

Author: George Campbell
Publisher: Elsevier
ISBN: 012800715X
Category : Business & Economics
Languages : en
Pages : 177

Book Description
The revised second edition of Measures and Metrics in Corporate Security is an indispensable guide to creating and managing a security metrics program. Authored by George Campbell, emeritus faculty of the Security Executive Council and former chief security officer of Fidelity Investments, this book shows how to improve security’s bottom line and add value to the business. It provides a variety of organizational measurements, concepts, metrics, indicators and other criteria that may be employed to structure measures and metrics program models appropriate to the reader’s specific operations and corporate sensitivities. There are several hundred examples of security metrics included in Measures and Metrics in Corporate Security, which are organized into categories of security services to allow readers to customize metrics to meet their operational needs. Measures and Metrics in Corporate Security is a part of Elsevier’s Security Executive Council Risk Management Portfolio, a collection of real world solutions and "how-to" guidelines that equip executives, practitioners, and educators with proven information for successful security and risk management programs. Describes the basic components of a metrics program, as well as the business context for metrics Provides guidelines to help security managers leverage the volumes of data their security operations already create Identifies the metrics security executives have found tend to best serve security’s unique (and often misunderstood) missions Includes 375 real examples of security metrics across 13 categories

Security Metrics, A Beginner's Guide

Author: Caroline Wong
Publisher: McGraw Hill Professional
ISBN: 0071744010
Category : Computers
Languages : en
Pages : 433

Book Description
Security Smarts for the Self-Guided IT Professional “An extraordinarily thorough and sophisticated explanation of why you need to measure the effectiveness of your security program and how to do it. A must-have for any quality security program!”—Dave Cullinane, CISSP, CISO & VP, Global Fraud, Risk & Security, eBay Learn how to communicate the value of an information security program, enable investment planning and decision making, and drive necessary change to improve the security of your organization. Security Metrics: A Beginner's Guide explains, step by step, how to develop and implement a successful security metrics program. This practical resource covers project management, communication, analytics tools, identifying targets, defining objectives, obtaining stakeholder buy-in, metrics automation, data quality, and resourcing. You'll also get details on cloud-based security metrics and process improvement. Templates, checklists, and examples give you the hands-on help you need to get started right away. Security Metrics: A Beginner's Guide features: Lingo--Common security terms defined so that you're in the know on the job IMHO--Frank and relevant opinions based on the author's years of industry experience Budget Note--Tips for getting security technologies and processes into your organization's budget In Actual Practice--Exceptions to the rules of security explained in real-world contexts Your Plan--Customizable checklists you can use on the job now Into Action--Tips on how, why, and when to apply new skills and techniques at work Caroline Wong, CISSP, was formerly the Chief of Staff for the Global Information Security Team at eBay, where she built the security metrics program from the ground up. She has been a featured speaker at RSA, ITWeb Summit, Metricon, the Executive Women's Forum, ISC2, and the Information Security Forum.

Network Security Metrics

Author: Lingyu Wang
Publisher: Springer
ISBN: 3319665057
Category : Computers
Languages : en
Pages : 215

Book Description
This book examines different aspects of network security metrics and their application to enterprise networks. One of the most pertinent issues in securing mission-critical computing networks is the lack of effective security metrics which this book discusses in detail. Since “you cannot improve what you cannot measure”, a network security metric is essential to evaluating the relative effectiveness of potential network security solutions. The authors start by examining the limitations of existing solutions and standards on security metrics, such as CVSS and attack surface, which typically focus on known vulnerabilities in individual software products or systems. The first few chapters of this book describe different approaches to fusing individual metric values obtained from CVSS scores into an overall measure of network security using attack graphs. Since CVSS scores are only available for previously known vulnerabilities, such approaches do not consider the threat of unknown attacks exploiting the so-called zero day vulnerabilities. Therefore, several chapters of this book are dedicated to develop network security metrics especially designed for dealing with zero day attacks where the challenge is that little or no prior knowledge is available about the exploited vulnerabilities, and thus most existing methodologies for designing security metrics are no longer effective. Finally, the authors examine several issues on the application of network security metrics at the enterprise level. Specifically, a chapter presents a suite of security metrics organized along several dimensions for measuring and visualizing different aspects of the enterprise cyber security risk, and the last chapter presents a novel metric for measuring the operational effectiveness of the cyber security operations center (CSOC). Security researchers who work on network security or security analytics related areas seeking new research topics, as well as security practitioners including network administrators and security architects who are looking for state of the art approaches to hardening their networks, will find this book helpful as a reference. Advanced-level students studying computer science and engineering will find this book useful as a secondary text.

PRAGMATIC Security Metrics

Author: W. Krag Brotby
Publisher: CRC Press
ISBN: 1439881537
Category : Business & Economics
Languages : en
Pages : 507

Book Description
Other books on information security metrics discuss number theory and statistics in academic terms. Light on mathematics and heavy on utility, PRAGMATIC Security Metrics: Applying Metametrics to Information Security breaks the mold. This is the ultimate how-to-do-it guide for security metrics.Packed with time-saving tips, the book offers easy-to-fo

Information Security Management Metrics

Author: CISM, W. Krag Brotby
Publisher: CRC Press
ISBN: 1420052861
Category : Business & Economics
Languages : en
Pages : 246

Book Description
Spectacular security failures continue to dominate the headlines despite huge increases in security budgets and ever-more draconian regulations. The 20/20 hindsight of audits is no longer an effective solution to security weaknesses, and the necessity for real-time strategic metrics has never been more critical. Information Security Management Metr

Metrics and Methods for Security Risk Management

Author: Carl Young
Publisher: Syngress
ISBN: 1856179796
Category : Business & Economics
Languages : en
Pages : 294

Book Description
Security problems have evolved in the corporate world because of technological changes, such as using the Internet as a means of communication. With this, the creation, transmission, and storage of information may represent security problem. Metrics and Methods for Security Risk Management is of interest, especially since the 9/11 terror attacks, because it addresses the ways to manage risk security in the corporate world. The book aims to provide information about the fundamentals of security risks and the corresponding components, an analytical approach to risk assessments and mitigation, and quantitative methods to assess the risk components. In addition, it also discusses the physical models, principles, and quantitative methods needed to assess the risk components. The by-products of the methodology used include security standards, audits, risk metrics, and program frameworks. Security professionals, as well as scientists and engineers who are working on technical issues related to security problems will find this book relevant and useful. Offers an integrated approach to assessing security risk Addresses homeland security as well as IT and physical security issues Describes vital safeguards for ensuring true business continuity

Complete Guide to Security and Privacy Metrics

Author: Debra S. Herrmann
Publisher: CRC Press
ISBN: 1420013289
Category : Business & Economics
Languages : en
Pages : 848

Book Description
This bookdefines more than 900 metrics measuring compliance with current legislation, resiliency of security controls, and return on investment. It explains what needs to be measured, why and how to measure it, and how to tie security and privacy metrics to business goals and objectives. The metrics are scaled by information sensitivity, asset criticality, and risk; aligned to correspond with different lateral and hierarchical functions; designed with flexible measurement boundaries; and can be implemented individually or in combination. The text includes numerous examples and sample reports and stresses a complete assessment by evaluating physical, personnel, IT, and operational security controls.

The Metrics Manifesto

Author: Richard Seiersen
Publisher: John Wiley & Sons
ISBN: 111951536X
Category : Computers
Languages : en
Pages : 326

Book Description
Security professionals are trained skeptics. They poke and prod at other people’s digital creations, expecting them to fail in unexpected ways. Shouldn’t that same skeptical power be turned inward? Shouldn’t practitioners ask: “How do I know that my enterprise security capabilities work? Are they scaling, accelerating, or slowing as the business exposes more value to more people and through more channels at higher velocities?” This is the start of the modern measurement mindset—the mindset that seeks to confront security with data. The Metrics Manifesto: Confronting Security with Data delivers an examination of security metrics with R, the popular open-source programming language and software development environment for statistical computing. This insightful and up-to-date guide offers readers a practical focus on applied measurement that can prove or disprove the efficacy of information security measures taken by a firm. The book’s detailed chapters combine topics like security, predictive analytics, and R programming to present an authoritative and innovative approach to security metrics. The author and security professional examines historical and modern methods of measurement with a particular emphasis on Bayesian Data Analysis to shed light on measuring security operations. Readers will learn how processing data with R can help measure security improvements and changes as well as help technology security teams identify and fix gaps in security. The book also includes downloadable code for people who are new to the R programming language. Perfect for security engineers, risk engineers, IT security managers, CISOs, and data scientists comfortable with a bit of code, The Metrics Manifesto offers readers an invaluable collection of information to help professionals prove the efficacy of security measures within their company.

Directions in Security Metrics Research

Author: Wayne Jansen
Publisher: DIANE Publishing
ISBN: 1437924514
Category : Computers
Languages : en
Pages : 26

Book Description
Information security metrics are seen as an important factor in making sound decisions about various aspects of security, ranging from the design of security architectures and controls to the effectiveness and efficiency of security operations. Security metrics strive to offer a quantitative and objective basis for security assurance. During the last few decades, researchers have made various attempts to develop measures and systems of measurement for computer security with varying degrees of success. This paper provides an overview of the security metrics area and looks at possible avenues of research that could be pursued to advance the state of the art.