By W. Krag Brotby

Different books on info protection metrics speak about quantity concept and facts in educational phrases. mild on arithmetic and heavy on software, PRAGMATIC safeguard Metrics: employing Metametrics to info protection breaks the mould. this is often the last word how-to-do-it advisor for defense metrics.

Packed with time-saving advice, the booklet deals easy-to-follow tips for these being affected by defense metrics. step-by-step, it truly explains the way to specify, enhance, use, and continue an information defense size system (a accomplished suite of metrics) to help:

  • Security execs systematically enhance details safeguard, exhibit the price they're including, and achieve administration aid for the issues that must be done
  • Management tackle formerly unsolvable difficulties rationally, making severe judgements comparable to source allocation and prioritization of protection relative to different company activities
  • Stakeholders, either inside of and outdoors the association, be guaranteed that details protection is being properly managed

The PRAGMATIC strategy enables you to home-in in your troublesome areas and determine the few metrics that may generate genuine company price. The book:

  • Helps you determine precisely what has to be measured, how to degree it, and most significantly, why it should be measured
  • Describes, rankings and ranks greater than a hundred and fifty capability safeguard metrics to illustrate the price of the PRAGMATIC method
  • Highlights protection metrics which are standard and suggested, but turn into really negative in practice
  • Describes leading edge and versatile dimension techniques comparable to adulthood metrics with non-stop scales
  • Explains find out how to reduce either dimension and protection dangers utilizing complementary metrics for larger coverage in serious parts akin to governance and compliance

as well as its visible application within the info safeguard realm, the PRAGMATIC method, brought for the 1st time during this booklet, has broader software throughout different fields of administration together with finance, human assets, engineering, and production--in truth any region that suffers a surplus of knowledge yet a deficit of worthy information.

Visit SecurityMetametrics.com helping the worldwide group of execs adopting the cutting edge options specified by PRAGMATIC protection Metrics. for those who, too, are suffering to make a lot experience of defense metrics, or trying to find larger metrics to control and enhance details defense, safety Metametrics is where for you.

Show description

Read Online or Download PRAGMATIC Security Metrics: Applying Metametrics to Information Security PDF

Best network security books

IPSec (2nd Edition)

IPSec, moment version is the main authoritative, complete, available, and up to date advisor to IPSec know-how. top experts hide all features of IPSec structure, implementation, and deployment; overview vital technical advances on account that IPSec was once first standardized; and current new case reports demonstrating end-to-end IPSec safety.

A Survey of Data Leakage Detection and Prevention Solutions

SpringerBriefs current concise summaries of state-of-the-art learn and useful functions throughout a large spectrum of fields. that includes compact volumes of fifty to a hundred pages (approximately 20,000- 40,000 words), the sequence covers a number of content material from specialist to educational. Briefs let authors to provide their rules and readers to take in them with minimum time funding.

Unified Communications Forensics. Anatomy of Common UC Attacks

Unified Communications Forensics: Anatomy of universal UC assaults is the 1st ebook to give an explanation for the problems and vulnerabilities and reveal the assaults, forensic artifacts, and countermeasures required to set up a safe (UC) surroundings. This ebook is written via major UC specialists Nicholas furnish and Joseph W.

CCSP Self-Study CCSP Cisco Secure PIX Firewall Advanced Exam Certification Guide

Community defense is a truly advanced company. The Cisco photographs Firewall plays a few very particular capabilities as a part of the safety procedure. you will need to to be accustomed to many networking and community defense techniques earlier than you adopt the CSPFA certification. This publication is designed for safety pros or networking execs who're attracted to starting the safety certification method.

Extra resources for PRAGMATIC Security Metrics: Applying Metametrics to Information Security

Example text

Improving resource management, for example, prioritizing information security work (such as security testing of new/changed application systems) relative to other business activities (such as nonsecurity testing and implementation of those systems) and allocating resources effectively, for example, investing in the security infrastructure, being a suite of controls that have multiple applications and so forming the foundation of a solid security structure, but, at the same time, ensuring the infrastructure is sufficiently flexible and suitable for current and future needs.

Good metrics provide useful, relevant information to help people—mostly, but not exclusively, managers—make decisions based on a combination of historical events (the context), The Art and Science of Security Metrics ◾ 31 what’s going on right now (including available resources and constraints), and what is anticipated to occur in the future (the change imperative). Management metrics and measurement practices in general are continually evolving; for instance, the Balanced Scorecard (Kaplan and Norton 1996) was considered state of the art when it was released well over a decade ago and still remains influential today.

Realistic managers should not actually anticipate the organization being perfectly secure and free of all information security incidents, but it is perfectly reasonable for them to seek assurance that avoidable incidents are (mostly) being avoided while any incidents that do occur cause minimal (ideally negligible) or, at least, manageable impacts. Management also wants to be reasonably confident that the information security measures in place are adequate to address the risks. This is a rational—if naive—question for management to pose, yet it is fiendishly difficult to answer without metrics and, to be frank, still tricky to address even with solid metrics.

Download PDF sample

Rated 4.18 of 5 – based on 29 votes