Sign in
|
Register
|
Mobile
Home
Browse
About us
Help/FAQ
Advanced search
Home
>
Browse
>
IT Security Metrics: A Practical Framework for Measuring Security & Protecting Data
CITATION
Hayden, Lance
.
IT Security Metrics: A Practical Framework for Measuring Security & Protecting Data
.
US
: McGraw-Hill Osborne Media, 2010.
Add to Favorites
Email to a Friend
Download Citation
IT Security Metrics: A Practical Framework for Measuring Security & Protecting Data
Authors:
Lance Hayden
Published:
June 2010
eISBN:
9780071713412 0071713417
|
ISBN:
9780071713405
Open eBook
Book Description
Table of Contents
Contents
Foreword
Acknowledgments
Introduction
Part I: Introducing Security Metrics
1 What Is a Security Metric?
Metrics and Measurement
Security Metrics Today
The Dissatisfying State of Security Metrics: Lessons from Other Industries
Reassessing Our Ideas About Security Metrics
Summary
Further Reading
2 Designing Effective Security Metrics
Choosing Good Metrics
GQM for Better Security Metrics
More Security Uses for GQM
Summary
Further Reading
3 Understanding Data
What Are Data?
Data Sources for Security Metrics
We Have Metrics and Data—Now What?
Summary
Further Reading
Case Study 1: In Search of Enterprise Metrics
Scenario One: Our New Vulnerability Management Program
Scenario Two: Who’s on First?
Scenario Three: The Value of a Slide
Scenario Four: The Monitoring Program
Scenario Five: What Cost, the Truth?
Summary
Part II: Implementing Security Metrics
4 The Security Process Management Framework
Managing Security as a Business Process
The SPM Framework
Before You Begin SPM
Summary
Further Reading
5 Analyzing Security Metrics Data
The Most Important Step
Analysis Tools and Techniques
Summary
Further Reading
6 Designing the Security Measurement Project
Before the Project Begins
Phase One: Build a Project Plan and Assemble the Team
Phase Two: Gather the Metrics Data
Phase Three: Analyze the Metrics Data and Build Conclusions
Phase Four: Present the Results
Phase Five: Reuse the Results
Project Management Tools
Summary
Further Reading
Case Study 2: Normalizing Tool Data in a Security Posture Assessment
Background: Overview of the SPA Service
Objectives of the Case Study
Summary
Part III: Exploring Security Measurement Projects
7 Measuring Security Operations
Sample Metrics for Security Operations
Sample Measurement Projects for Security Operations
Summary
Further Reading
8 Measuring Compliance and Conformance
The Challenges of Measuring Compliance
Sample Measurement Projects for Compliance and Conformance
Summary
Further Reading
9 Measuring Security Cost and Value
Sample Measurement Projects for Compliance and Conformance
The Importance of Data to Measuring Cost and Value
Summary
Further Reading
10 Measuring People, Organizations, and Culture
Sample Measurement Projects for People, Organizations, and Culture
Summary
Further Reading
Case Study 3: Web Application Vulnerabilities
Source Data and Normalization
Outcomes, Timelines, Resources
Initial Reporting with “Dirty Data”
Working with Stakeholders to Perform Data Cleansing
Follow-up with Reports and Discussions with Stakeholders
Lesson Learned: Fix the Process, and Then Automate
Lesson Learned: Don’t Wait for Perfect Data Before Reporting
Summary
Part IV: Beyond Security Metrics
11 The Security Improvement Program
Moving from Projects to Programs
Managing Security Measurement with a Security Improvement Program
Requirements for a SIP
Measuring the SIP
Case Study: A SIP for Insider Threat Measurement
Summary
Further Reading
12 Learning Security: Different Contexts for Security Process Management
Organizational Learning
Three Learning Styles for IT Security Metrics
Final Thoughts
Summary
Further Reading
Case Study 4: Getting Management Buy-in for the Security Metrics Program
The CISO Hacked My Computer
What Is Buy-in?
Corporations vs. Higher Ed: Who’s Crazier?
Higher Education Case Study
Conclusion
Index
