Information Security Management Metrics: A Definitive Guide to Effective Security Monitoring and Measurement

by ;
  • ISBN13:

    9781420052855

  • ISBN10:

    1420052853

  • Edition: 1st
  • Format: Hardcover
  • Copyright: 2009-03-30
  • Publisher: Auerbach Public

Summary

Spectacular security failures continue to dominate the headlines despite huge increases in security budgets and even more draconian regulations. The 20/20 hindsight of audits is no longer an effective solution to security weaknesses, and the necessity for real-time strategic metrics has never been more critical.

Table of Contents

Acknowledgments  p. xi
Introduction  p. xiii
Security Metrics Overview  p. 1
Metrics and Objectives  p. 4
Information Security  p. 7
IT Security  p. 8
Why the IT Metric Focus  p. 8
Other Assurance Functions  p. 8
Stakeholders  p. 10
Endnotes  p. 10
Security Metrics  p. 13
Security Program Effectiveness  p. 14
Types of Metrics  p. 15
Information Assurance / Security Metrics Classification  p. 17
Monitoring vs. Metrics  p. 18
Endnotes  p. 18
Current State of Security Metrics  p. 21
Quantitative Measures and Metrics  p. 21
Performance Metrics  p. 21
Discussion  p. 25
Financial Metrics  p. 25
Return on Investment (ROI)  p. 26
Payback Method  p. 26
ROI Calculation  p. 27
NPV  p. 29
IRR  p. 29
Return on Security Investment (ROSI)  p. 30
SLE and ALE  p. 30
ROSI  p. 31
A New ROSI Model  p. 31
A More Complex Security ROI  p. 32
Security Attribute Evaluation Method (SAEM)  p. 35
Cost-Effectiveness Analysis  p. 35
Cost-Benefit Analysis  p. 36
Fault Tree Analysis  p. 36
Value at Risk (VAR)  p. 37
ALE/SLE  p. 37
Qualitative Security Metrics  p. 38
Cultural Metrics  p. 39
Risk Management through Cultural Theory  p. 39
The Competing Values Framework  p. 40
Organizational Structure  p. 42
Hybrid Approaches  p. 43
Systemic Security Management  p. 43
Balanced Scorecard  p. 44
The SABSA Business Attributes Approach  p. 46
Quality Metrics  p. 48
Six Sigma  p. 48
ISO 9000  p. 49
Maturity Level  p. 49
Benchmarking  p. 50
Standards  p. 50
OCTAVE  p. 51
Endnotes  p. 51
Metrics Developments  p. 53
Statistical Modeling  p. 54
Systemic Security Management  p. 55
Value at Risk Analysis  p. 56
Factor Analysis of Information Risk (FAIR)  p. 57
Risk Factor Analysis  p. 58
Probabilistic Risk Assessment (PRA)  p. 58
Endnotes  p. 61
Relevance  p. 63
Problem Inertia  p. 64
Correlating Metrics to Consequences  p. 64
The Metrics Imperative  p. 67
Study of ROSI of Security Measures  p. 68
Resource Allocation  p. 69
Managing without Metrics  p. 70
Endnotes  p. 71
Attributes of Good Metrics  p. 73
Metrics Objectives  p. 75
Measurement Categories  p. 75
Effective Metrics  p. 77
What Is Being Measured?  p. 79
Why Is It Measured?  p. 80
Who Are the Recipients?  p. 81
What Does It Mean?  p. 81
What Action Is Required?  p. 81
Information Security Governance  p. 83
Security Governance Outcomes  p. 84
Defining Security Objectives  p. 85
Sherwood Applied Business Security Architecture (SABSA)  p. 86
CobiT  p. 86
ISO 27001  p. 89
Capability Maturity Model  p. 90
Current State  p. 91
Information Security Strategy  p. 91
Endnotes  p. 92
Metrics Development - A Different Approach  p. 93
The Information Security Manager  p. 94
Activities Requiring Metrics  p. 96
Criticality and Sensitivity  p. 97
Degree of Risk or Potential Impact  p. 97
Risk over Time  p. 97
Options and Cost-Effectiveness  p. 97
Ranking Metrics and Monitoring Requirements  p. 98
Monitoring, Measures, or Metrics?  p. 98
Information Security Governance Metrics  p. 101
Strategic Security Governance Decisions  p. 101
Strategic Security Governance Decision Metrics  p. 102
Security Governance Management Decisions  p. 103
Strategic Direction  p. 103
Ensuring Objectives Are Achieved  p. 104
Managing Risks Appropriately  p. 104
Using Resources Responsibly  p. 105
Security Governance Operational Decisions  p. 105
Information Security Risk Management  p. 107
Information Security Risk Management Decisions  p. 108
Management Requirements for Information Security Risk  p. 109
Criticality of Assets  p. 109
Sensitivity of Assets  p. 110
The Nature and Magnitude of Impacts  p. 110
Vulnerabilities  p. 110
Threats  p. 111
Probability of Compromise  p. 111
Strategic Initiatives and Plans  p. 111
Acceptable Levels of Risk and Impact  p. 112
Information Security Operational Risk Metrics  p. 112
Information Security Program Development Metrics  p. 115
Program Development Management Metrics  p. 116
Program Development Operational Metrics  p. 117
Information Security Management Metrics  p. 119
Security Management Decision Support Metrics  p. 120
Security Management Decisions  p. 122
Strategic Alignment  p. 123
Risk Management  p. 125
Metrics for Risk Management  p. 126
Assurance Process Integration  p. 132
Value Delivery  p. 134
Resource Management  p. 136
Performance Measurement  p. 136
Information Security Management Operational Decision Support Metrics  p. 137
IT and Information Security Management  p. 137
Compliance Metrics  p. 138
Endnotes  p. 147
Incident Management and Response  p. 149
Incident Management Decision Support Metrics  p. 150
Is It Actually an Incident?  p. 150
What Kind of Incident Is It?  p. 151
Is It a Security Incident?  p. 151
What Is the Severity Level?  p. 151
Are There Multiple Events and/or Impacts?  p. 152
Will an Incident Need Triage?  p. 152
What Is the Most Effective Response?  p. 152
What Immediate Actions Must Be Taken?  p. 153
Which Incident Response Teams and Other Personnel Must Be Mobilized?  p. 153
Who Must Be Notified?  p. 153
Who Is in Charge?  p. 153
Is It Becoming a Disaster?  p. 153
Conclusions  p. 155
Predictive Metrics  p. 155
Acronyms  p. 157
Metrics Classifications  p. 165
IA Program Developmental Metrics  p. 165
Policy Management Metrics  p. 165
Process Maturity Metrics  p. 165
Support Metrics  p. 166
Personnel Support Metrics  p. 166
Resource Support Metrics  p. 166
Operational Metrics  p. 166
Operational Readiness Metrics  p. 166
Management Readiness Metrics  p. 167
Technical Readiness Metrics  p. 167
Operational Practice Metrics  p. 167
Operational Environment Metrics  p. 167
Effectiveness Metrics  p. 168
Metrics for Technical Target of Assessment (TTOA)  p. 168
Metrics for Strength Assessment  p. 168
Metrics for Weakness Assessment  p. 169
Acknowledgments  p. 170
Endnotes  p. 170
References  p. 170
Cultural Worldviews  p. 171
Endnotes  p. 173
The Competing Values Framework  p. 175
Cultural Dimensions  p. 175
Horizontal: In/Out  p. 175
Vertical: Stability/Flexibility  p. 175
The Competing Values Map  p. 175
Hierarchy  p. 176
Market  p. 176
Clan  p. 176
Adhocracy  p. 177
The Organization Culture Assessment Instrument (OCAI)  p. 179
SABSA Business Attribute Metrics  p. 181
Endnotes  p. 200
Capability Maturity Model  p. 201
Initial  p. 201
Repeatable  p. 201
Defined  p. 202
Managed  p. 202
Optimizing  p. 202
Probabilistic Risk Assessment  p. 205
What Is Probabilistic Risk Assessment?  p. 205
What Are the Benefits of PRA?  p. 207
Index  p. 211
Table of Contents provided by Ingram. All Rights Reserved.