Security Metrics, A Beginner's Guide
CITATION: Wong, Caroline. Security Metrics, A Beginner's Guide. US: McGraw-Hill Osborne Media, 2011.
Authors: Caroline Wong
Published: October 2011
eISBN: 9780071744010 0071744010 | ISBN: 9780071744003
Table of Contents
Contents
Foreword
Acknowledgments
Introduction
Part I: Why Security Metrics?
1 Why Measure Security?
Purpose of an Information Security Program
Benefits of a Security Metrics Program
Why Are Security Metrics So Hard to Do?
2 Why Security Metrics are Needed Now
Security Work is Never Finished: Technology Changes and Moore’s Law
More on the Increasing Sophistication of Attacks
New Developments in Information Security
Profile of a Hacker
Today’s “Security Best Practices” Are Not Good Enough
Part II: Essential Components of an Effective Security Metrics Practitioner
3 Analytics
What are Security Analytics?
Visualization
Bundling Interpretation and Metrics
Do I Need a PhD in Math?
Examples of Applying Analytic Patterns
4 Commitment to Project Management
Information Security Culture
Project Management
Run-the-Business Activities
Part III: Decide What to Measure
5 Identify Core Competencies, Information Security Work, and Resourcing Options
Evaluating Security Core Competencies for Metrics Projects
Spectrum of Information Security Work
Leveraging the Outsourcing and Offshoring Models
6 Identify Targets
Revisiting Objectives of an Information Security Metrics Program
Identifying What’s Important
Identifying What’s Broken
Identifying What’s Basic
Identifying What Needs to Be Discussed
Identifying What’s New
Part IV: Get Started
7 Define Project Objectives
Training for a Marathon
Mapping a Target to a Benefit
Defining the Objective of a Security Metrics Project
Lessons Learned
8 Define Your Priorities
A Real-World Prioritization Example
Why is it Important to Prioritize?
Advantages of Effective Prioritization
Factors to Consider
How to Prioritize
9 Identify Key Messages and Key Audiences
Why Stakeholder Engagement is Important
Stakeholder Engagement
Examples
Chapter Summary
10 Obtain Buy-In from Stakeholders
What is Buy-In and Why Do You Need it?
Preparing for a Buy-In Discussion with Stakeholders
Meeting, Explaining, Asking, Documenting
Part V: Toolkit
11 Automation
Automation: Benefits
Automation: Workflow
12 Analysis Technologies and a Case Study
Automation: Technologies
Case Study
Part VI: Creating the Best Environment for Healthy Metrics
13 Define a Communications Strategy
What Do You Want to Communicate?
Keep Your Message Consistent
Know Your Audience
Communicate Well
Share More
Communication Formats
Additional Tips on Communicating Effectively
14 Drive an Action Plan: The Importance of Project Management
Role of the Project Manager
Managing Change
Decision Making
Reporting Formats
Part VII: Secret Sauce: Lessons Learned from an Enterprise Practitioner
15 Improving Data Quality and Presentation
Data Cleansing
Reporting Data from Multiple Systems
Data, Processes, and People
Don’t Wait for Perfect Data Before Reporting
16 Resourcing and Security Metrics Projects
Resourcing Options
Leveraging Politics and Competition
Metrics as Justification for More Resources
Report Quickly
Part VIII: Looking Forward
17 Security Metrics for Cloud Computing
Cloud Computing Defined
Cloud Business Drivers
The New Normal
Security Metrics vs. Cloud Security Metrics
Cloud Security Alliance
Final Thoughts
Part IX: Appendix and Glossary
Appendix: Templates and Checklists
Chapter 1: The Three Benefits of a Security Metrics Program
Chapter 2: Best Practice Analysis
Chapter 5: Request for Proposal
Chapter 6: Metrics for High Risk Areas
Chapter 7: Meeting with Stakeholders
Chapter 8: Basic Prioritization Questions
Chapter 9: Identifying Key Audiences and Key Messages
Chapter 17: Template for Completely and Unambiguously Defining a Metric
Glossary
A, B, C, D, F, I, M, O, P, Q, R, S, T, W
Index