Published: June 2010
Implement an Effective Security Metrics Project or Program
IT Security Metrics provides a comprehensive approach to measuring risks, threats, operational activities, and the effectiveness of data protection in your organization. The book explains how to choose and design effective measurement strategies and addresses the data requirements of those strategies. The Security Process Management Framework is introduced and analytical strategies for security metrics data are discussed. You'll learn how to take a security metrics program and adapt it to a variety of organizational contexts to achieve continuous security improvement over time. Real-world examples of security measurement projects are included in this definitive guide.
Define security metrics as a manageable amount of usable data
Design effective security metrics
Understand quantitative and qualitative data, data sources, and collection and normalization methods
Implement a programmable approach to security using the Security Process Management Framework
Analyze security metrics data using quantitative and qualitative methods
Design a security measurement project for operational analysis of security metrics
Measure security operations, compliance, cost and value, and people, organizations, and culture
Manage groups of security measurement projects using the Security Improvement Program
Apply organizational learning methods to security metrics
Lance Hayden, Ph.D., CISSP, CISM, is a Solutions Architect and Information Scientist with Cisco System's World Wide Security Practice where he helps Cisco's customers make informed decisions about their security operations. In addition to his private sector experience, he teaches at the University of Texas and is a former HUMINT officer with the Central Intelligence Agency.
Keywords: IT, SECURITY, METRICS, BOOK, GUIDE, HOW TO, INTERNET, TECHNOLOGY, PRACTICAL, FRAMEWORK, MEASURING, PROTECTING, DATA, LANCE HAYDEN, EMPIRICISM, EMPIRICAL, INQUIRY, INDUSTRIES, GQM, BASIS, ASSESSMENT, ESA, IDENTIFY, GOALS, DEVELOP, OPERATIONAL, QUESTIONS, COLLECT, ANALYZE, DRAW, CONCLUSIONS, MAKE, RECOMMENDATIONS, INCORPORATING, EXISTING, PROGRAM, CASES, BUILDING, CISCO, SYSTEMS, CIA, CYBERSPACE, POLICY, CYBERSECURITY, MILESTONES, PERFORMANCE, INFORMATION, GOVERNANCE, CORPORATE, REGULATORY, COMPLIANCE, STANDARDIZATION, PRACTITIONERS, PROFESSIONAL, SOLUTIONS, IMPLEMENTING, PARADIGM, METHODS, RESEARCH, TOOLS, HISTORY, THEORY, SCIENTIFIC, SECURITY, NETWORKING, HACKING EXPOSED, HACKING EXPOSED WEB 2.0, HACKING EXPOSED VOIP, HACKING EXPOSED WINDOWS, HACKING EXPOSED WEB APPLICATIONS, HACKING EXPOSED CISCO NETWORKS, GRAY HAT HACKING, HACKING EXPOSED WIRELESS, HACKING EXPOSED COMPUTER FORENSICS, 19 DEADLY SINS OF SOFTWARE SECURITY, 24 DEADLY SINS OF SOFTWARE SECURITY, CCNA CISCO CERTIFIED NETWORK ASSOCIATE STUDY GUIDE, CCENT CISCO CERTIFIED ENTRY NETWORKING TECHNICIAN STUDY GUIDE, CCNA CISCO CERTIFIED NETWORK ASSOCIATE WIRELESS STUDY GUIDE, CISSP ALL-IN-ONE EXAM GUIDE, MOBILE APPLICATION SECURITY, HACKING EXPOSED MALWARE AND ROOTKITS, HACKING EXPOSED COMPUTER FORENSICS, HACKING EXPOSED VIRTUALIZATION & CLOUD COMPUTING
