
Information Security Management Metrics: A Definitive Guide to Effective Security Monitoring and Measurement

Spectacular security failures continue to dominate the headlines despite huge increases in security budgets and ever-more draconian regulations. The 20/20 hindsight of audits is no longer an effective solution to security weaknesses, and the necessity for real-time strategic metrics has never been more critical.
Information Security Management Metrics: A Definitive Guide to Effective Security Monitoring and Measurement offers a radical new approach for developing and implementing security metrics essential for supporting business activities and managing information risk. This work provides anyone with security and risk management responsibilities insight into these critical security questions:

You can’t manage what you can’t measure

This volume shows readers how to develop metrics that can be used across an organization to assure its information systems are functioning, secure, and supportive of the organization’s business objectives. It provides a comprehensive overview of security metrics, discusses the current state of metrics in use today, and looks at promising new developments. Later chapters explore ways to develop effective strategic and management metrics for information security governance, risk management, program implementation and management, and incident management and response. The book ensures that every facet of security required by an organization is linked to business objectives, and provides metrics to measure it. Case studies effectively demonstrate specific ways that metrics can be implemented across an enterprise to maximize business benefit. With three decades of enterprise information security experience, author Krag Brotby presents a workable approach to developing and managing cost-effective enterprise information security.

244 pages, Hardcover

First published February 24, 2008


Community Reviews

5 stars: 0 (0%)
4 stars: 2 (40%)
3 stars: 2 (40%)
2 stars: 1 (20%)
1 star: 0 (0%)

Jari Pirhonen
463 reviews, 16 followers
February 7, 2016
Comprehensive introduction to metrics and how to evaluate their usefulness. The book mostly introduces available metrics calculations, what studies are out there and how different metrics are needed for different purposes. The book has a theoretical approach and is in that sense good background reading for anyone who needs to measure security.

The common thread of the book is: "Metrics serve only one purpose: decision support. We measure to manage. We manage to meet objectives in order to achieve desired outcomes."

For a more practical approach I recommend Security Metrics by Andrew Jaquith.