Author Biography
Andrew Jaquith is the program manager for Yankee Group’s Enabling Technologies Enterprise group, with expertise in compliance, security, and risk management. Jaquith advises enterprise clients on how to manage security resources in their environments. He also helps security vendors develop strategies for reaching enterprise customers. Jaquith’s research focuses on topics such as security management, risk management, and packaged and custom web-based applications.
Jaquith has 15 years of IT experience. Before joining Yankee Group, he cofounded and served as program director at @stake, Inc., a security consulting pioneer, which Symantec Corporation acquired in 2004. Before @stake, Jaquith held project manager and business analyst positions at Cambridge Technology Partners and FedEx Corporation.
His application security and metrics research has been featured in CIO, CSO, InformationWeek, IEEE Security and Privacy, and The Economist. In addition, Jaquith contributes to several security-related open-source projects.
Jaquith holds a B.A. degree in economics and political science from Yale University.
Table of Contents
Foreword | p. xv
Preface | p. xix
Acknowledgments | p. xxv
About the Author | p. xxviii
Introduction: Escaping the Hamster Wheel of Pain | p. 1
Defining Security Metrics | p. 9
Diagnosing Problems and Measuring Technical Security | p. 39
Measuring Program Effectiveness | p. 89
Analysis Techniques | p. 133
Visualization | p. 157
Automating Metrics Calculations | p. 217
Designing Security Scorecards | p. 251
Index | p. 301