Information Security Management Metrics: A Definitive Guide to Effective Security Monitoring and Measurement

Spectacular security failures continue to dominate the headlines despite huge increases in security budgets and ever-more draconian regulations. The 20/20 hindsight of audits is no longer an effective solution to security weaknesses, and the necessity for real-time strategic metrics has never been more critical. Information Security Management Metr
Contents
Chapter 1 Security Metrics Overview | 1 |
Chapter 2 Security Metrics | 13 |
Chapter 3 Current State of Security Metrics | 21 |
Chapter 4 Metrics Developments | 53 |
Chapter 5 Relevance | 63 |
Chapter 6 The Metrics Imperative | 67 |
Chapter 7 Attributes of Good Metrics | 73 |
Chapter 8 Information Security Governance | 83 |
Chapter 9 Metrics Development: A Different Approach | 93 |
Chapter 10 Information Security Governance Metrics | 101 |
Chapter 11 Information Security Risk Management | 107 |
Chapter 12 Information Security Program Development Metrics | 115 |
Chapter 13 Information Security Management Metrics | 119 |
Chapter 14 Incident Management and Response | 149 |
Chapter 15 Conclusions | 155 |
Acronyms | 157 |
Metrics Classifications | 165 |
Cultural Worldviews | 171 |
The Competing Values Framework | 175 |
The Organization Culture Assessment Instrument (OCAI) | 179 |
SABSA Business Attribute Metrics | 181 |
Common terms and phrases
acceptable achieve adhocracy alignment analysis annual loss expectancy Architecture Capability Maturity assets Attribute Explanation audit and review Balanced Scorecard Business Attribute Capability Maturity Model CISO CobiT compliance compromise Computer Computer Security consider cost cost-effective critical culture defined determine effective metrics ensure evaluate example factor failure focus functions Harris Corporation IA metrics implementation Independent audit indicators Information Assurance information needed information security management integration ISACA ISBN loss expectancy management metrics meaningful methods Mississippi State University objectives operational risk organization organization’s organizational outcomes overall percent performance personnel physical Probabilistic risk assessment procedures protection recovery time objectives regulatory relevant reliability result review against Security risk assessment risk management ROSI SABSA safety security Security Architecture Capability security metrics Six Sigma Soft standards strategic Suggested Measurement Approach threat typically value at risk vulnerabilities