IT security metrics :
Hayden, Lance.
IT security metrics : a practical framework for measuring security & protecting data / Lance Hayden. - New York : McGraw Hill, c2010. - xxvii, 368 p. : ill. ; 24 cm.
Includes bibliographical references and index.
Part I: Introducing Security Metrics; Chapter 1. What is A Security Metric?; Chapter 2. Designing Effective Security Metrics; Chapter 3. Understanding Data; Case Study I: In Search of Enterprise Metrics; Part II: Implementing Security Metrics; Chapter 4. The Security Process Management Framework; Chapter 5. Analyzing Security Metrics Data; Chapter 6. Designing the Security Measurement Project; Case Study II: Normalizing tool data in a security posture assessment; Part III: Exploring Security Measurement Projects; Chapter 7. Measuring Security Operations; Chapter 8. Measuring Compliance and Conformance; Chapter 9. Measuring Security Cost and Value; Chapter 10. Measuring People, Organizations, and Culture; Case Study III: Web Application Vulnerabilities; Part IV: Beyond Security Metrics; Chapter 11. The Security Improvement Program; Chapter 12. Learning Security: Different Context for Security Process Management; Case Study IV: Getting Management Buy-In For a Metrics Program; Index.
IT Security Metrics provides a comprehensive approach to measuring risks, threats, operational activities, and the effectiveness of data protection in your organization. The book explains how to choose and design effective measurement strategies and addresses the data requirements of those strategies. The Security Process Management Framework is introduced and analytical strategies for security metrics data are discussed. You'll learn how to take a security metrics program and adapt it to a variety of organizational contexts to achieve continuous security improvement over time. Real-world examples of security measurement projects are included in this definitive guide.
9780071713405 0071713409
2010020201
Information technology -- Security measures -- Evaluation.
Data protection -- Evaluation.
Computer security -- Evaluation.
Computer crimes -- Prevention -- Measurement.
005.8