CITATION

Wong, Caroline. Security Metrics, A Beginner's Guide. US: McGraw-Hill Osborne Media, 2011.

Security Metrics, A Beginner's Guide

Authors: Caroline Wong

Published: October 2011

eISBN: 9780071744010 0071744010 | ISBN: 9780071744003

Book description:

Security Smarts for the Self-Guided IT Professional

“An extraordinarily thorough and sophisticated explanation of why you need to measure the effectiveness of your security program and how to do it. A must-have for any quality security program!” —Dave Cullinane, CISSP, CISO & VP, Global Fraud, Risk & Security, eBay

Learn how to communicate the value of an information security program, enable investment planning and decision making, and drive necessary change to improve the security of your organization. Security Metrics: A Beginner's Guide explains, step by step, how to develop and implement a successful security metrics program.

This practical resource covers project management, communication, analytics tools, identifying targets, defining objectives, obtaining stakeholder buy-in, metrics automation, data quality, and resourcing. You'll also get details on cloud-based security metrics and process improvement. Templates, checklists, and examples give you the hands-on help you need to get started right away.

Security Metrics: A Beginner's Guide features:

  • Lingo--Common security terms defined so that you're in the know on the job

  • IMHO--Frank and relevant opinions based on the author's years of industry experience

  • Budget Note--Tips for getting security technologies and processes into your organization's budget

  • In Actual Practice--Exceptions to the rules of security explained in real-world contexts

  • Your Plan--Customizable checklists you can use on the job now

  • Into Action--Tips on how, why, and when to apply new skills and techniques at work

Caroline Wong, CISSP, was formerly the Chief of Staff for the Global Information Security Team at eBay, where she built the security metrics program from the ground up. She has been a featured speaker at RSA, ITWeb Summit, Metricon, the Executive Women's Forum, ISC2, and the Information Security Forum.

Caroline Wong, CISSP, was formerly the Chief of Staff for the Global Information Security Team at eBay and built eBay’s security metrics program from the ground up. Caroline is a frequent featured speaker at numerous industry conferences, including RSA, Metricon, the Executive Women’s Forum, and the Information Security Forum. Caroline is a founding member of the Cloud Security Alliance Metrics Working Group and was awarded the “One to Watch” category at the Executive Women’s Forum Women of Influence Awards in 2010.
