
Information security management metrics: a definitive guide to effective security monitoring and measurement

Spectacular security failures continue to dominate the headlines despite huge increases in security budgets and ever-more draconian regulations. The 20/20 hindsight of audits is no longer an effective solution to security weaknesses, and the necessity for real-time strategic metrics has never been m...


Bibliographic Details
Classification: Electronic book
Main author: Brotby, W. Krag (Author)
Format: Electronic eBook
Language: English
Published: Boca Raton : Auerbach Publications, ©2009.
Topics:
Online access: Full text (requires prior registration with an institutional e-mail address)
Table of Contents:
  • Security metrics overview
  • Metrics and objectives
  • Information security
  • IT security
  • Other assurance functions
  • Stakeholders
  • Security metrics
  • Security program effectiveness
  • Types of metrics
  • Information assurance / security metrics classification
  • Monitoring vs. metrics
  • Current state of security metrics
  • Quantitative measures and metrics
  • Financial metrics
  • Return on investments
  • Payback method
  • ROI calculation
  • NPV
  • IRR
  • Return on security investment (ROSI)
  • SLE and ALE
  • ROSI
  • A new ROSI model
  • A more complex security ROI
  • Security attribute evaluation method (SAEM)
  • Cost-effectiveness analysis
  • Cost-benefit analysis
  • Fault tree analysis
  • Value at risk (VaR)
  • ALE/SLE
  • Qualitative security metrics
  • Cultural metrics
  • Risk management through cultural theory
  • The competing values framework
  • Organizational structure
  • Hybrid approaches
  • Systemic security management
  • Balanced scorecard
  • The SABSA business attributes approach
  • Quality metrics
  • Six sigma
  • ISO 9000
  • Maturity level
  • Benchmarking
  • Standards
  • OCTAVE
  • Metrics developments
  • Statistical modeling
  • Systemic security management
  • Value at risk analysis
  • Factor analysis of information risk (FAIR)
  • Risk factor analysis
  • Probabilistic risk assessment (PRA)
  • Relevance
  • Problem Inertia
  • Correlating metrics to consequences
  • The metrics imperative
  • Study of ROSI of security measures
  • Resource allocation
  • Managing without metrics
  • Attributes of good metrics
  • Metrics objectives
  • Measurement categories
  • Effective metrics
  • What is being measured?
  • Why is it measured?
  • Who are the recipients?
  • What does it mean?
  • What action is required?
  • Information security governance
  • Security governance outcomes
  • Defining security objectives
  • Sherwood applied business security architecture (SABSA)
  • CobiT
  • ISO 27001
  • Capability maturity model
  • Current state
  • Information security strategy
  • Metrics development
  • A different approach
  • The information security manager
  • Activities requiring metrics
  • Criticality and sensitivity
  • Degree of risk or potential impact
  • Risk over time
  • Options and cost-effectiveness
  • Ranking metrics and monitoring requirements
  • Monitoring, measures, or metrics?
  • Information security governance metrics
  • Strategic security governance decisions
  • Strategic security governance decision metrics
  • Security governance management decisions
  • Strategic direction
  • Ensuring objectives are achieved
  • Managing risks appropriately
  • Using resources responsibly
  • Security governance operational decisions
  • Information security risk management
  • Information security risk management decisions
  • Management requirements for information security risk
  • Criticality of assets
  • Sensitivity of assets
  • The nature and magnitude of impacts
  • Vulnerabilities
  • Threats
  • Probability of compromise
  • Strategic initiatives and plans
  • Acceptable levels of risk and impact
  • Information security operational risk metrics
  • Information security program development metrics
  • Program development management metrics
  • Program development operational metrics
  • Information security management metrics
  • Security management decision support metrics
  • Security management decisions
  • Strategic alignment
  • Risk management
  • Metrics for risk management
  • Assurance process integration
  • Value delivery
  • Resource management
  • Performance measurement
  • Information security management operational decision
  • Support metrics
  • IT and information security management
  • Compliance metrics
  • Incident management and response
  • Incident management decision support metrics
  • Is it actually an incident?
  • What kind of incident is it?
  • Is it a security incident?
  • What is the severity level?
  • Are there multiple events and / or impacts?
  • Will an incident need triage?
  • What is the most effective response?
  • What immediate actions must be taken?
  • Which incident response teams and other personnel must be mobilized?
  • Who must be notified?
  • Who is in charge?
  • Is it becoming a disaster?
  • Conclusions
  • Predictive metrics
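The quantitative chapters listed above (SLE and ALE, ROSI, payback, NPV, IRR) rest on a handful of standard formulas. The block below is an added illustration written for this record, not code from the book or from the author; it implements those formulas in their textbook form (ALE = SLE × ARO, ROSI = (ALE reduction − control cost) / control cost, NPV as discounted cash flows, IRR as the discount rate at which NPV is zero, found by bisection). All figures in the sample are constructed for the example and do not come from the text.

```python
"""Financial security metrics: SLE/ALE, ROSI, payback, NPV and IRR.

Added illustration, not the book's own code. The sample numbers below
(a $200k single-loss event, ARO 0.5/year, a control that cuts ARO to 0.1)
are constructed for the example.
"""
from typing import Dict, List


def ale(sle: float, aro: float) -> float:
    """Annualized Loss Expectancy: Single Loss Expectancy * Annualized Rate of Occurrence."""
    return sle * aro


def rosi(ale_before: float, ale_after: float, annual_control_cost: float) -> float:
    """Return on Security Investment in the common form
    (ALE reduction - annual control cost) / annual control cost.
    Note that the result is only as good as the SLE and ARO estimates feeding it."""
    if annual_control_cost <= 0:
        raise ValueError("control cost must be positive")
    risk_reduction = ale_before - ale_after
    return (risk_reduction - annual_control_cost) / annual_control_cost


def payback_years(initial_cost: float, annual_net_benefit: float) -> float:
    """Simple (undiscounted) payback period in years."""
    if annual_net_benefit <= 0:
        raise ValueError("a control with no net annual benefit never pays back")
    return initial_cost / annual_net_benefit


def npv(rate: float, cashflows: List[float]) -> float:
    """Net Present Value; cashflows[0] is at t=0 (the up-front outlay, negative)."""
    return sum(cf / (1.0 + rate) ** t for t, cf in enumerate(cashflows))


def irr(cashflows: List[float], lo: float = -0.99, hi: float = 10.0, tol: float = 1e-7) -> float:
    """Internal Rate of Return: the rate at which NPV is zero, found by bisection.
    Requires the NPV to change sign between lo and hi; if a project never
    turns positive (or never negative) there is no IRR to report."""
    f_lo, f_hi = npv(lo, cashflows), npv(hi, cashflows)
    if f_lo * f_hi > 0:
        raise ValueError("NPV does not change sign on the search interval; no IRR")
    for _ in range(200):
        mid = (lo + hi) / 2.0
        f_mid = npv(mid, cashflows)
        if abs(f_mid) < tol:
            return mid
        if f_lo * f_mid < 0:
            hi, f_hi = mid, f_mid
        else:
            lo, f_lo = mid, f_mid
    return (lo + hi) / 2.0


# Constructed sample: one breach scenario, before and after a control.
SLE = 200_000.0          # loss per occurrence (assumed)
ARO_BEFORE = 0.5         # occurrences per year without the control (assumed)
ARO_AFTER = 0.1          # occurrences per year with the control (assumed)
CONTROL_UPFRONT = 60_000.0
CONTROL_ANNUAL = 10_000.0
HORIZON_YEARS = 3
DISCOUNT_RATE = 0.08


def worked_example() -> Dict[str, float]:
    """Run every metric over the constructed sample and return the results."""
    ale_before = ale(SLE, ARO_BEFORE)
    ale_after = ale(SLE, ARO_AFTER)
    annual_benefit = ale_before - ale_after                 # risk reduction per year
    net_annual = annual_benefit - CONTROL_ANNUAL            # after running costs
    cashflows = [-CONTROL_UPFRONT] + [net_annual] * HORIZON_YEARS
    return {
        "ale_before": ale_before,
        "ale_after": ale_after,
        "rosi": rosi(ale_before, ale_after, CONTROL_ANNUAL + CONTROL_UPFRONT / HORIZON_YEARS),
        "payback_years": payback_years(CONTROL_UPFRONT, net_annual),
        "npv": npv(DISCOUNT_RATE, cashflows),
        "irr": irr(cashflows),
    }


if __name__ == "__main__":
    for name, value in worked_example().items():
        print(f"{name:>14}: {value:,.4f}")
```

The ROSI line annualizes the up-front outlay over the horizon so that cost and benefit are on the same per-year basis; the book's "new ROSI model" and "more complex security ROI" chapters exist precisely because this simple ratio is sensitive to how SLE, ARO and cost are estimated, so treat the output as a comparison tool between controls rather than an absolute figure.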