IT Security Metrics: A Practical Framework for Measuring Security & Protecting Data
Author: Hayden, Lance
ISBN-13: 978-0-07-171340-5
ISBN-10: 0071713409
©2011 | 1st Edition | 400 pages, Softcover
Pub Date: July 2010
Price: US$ 49.99
Implement an effective security metrics project or program
IT Security Metrics: A Practical Framework for Measuring Security & Protecting Data proposes new ways of examining security activities that focus on observation, measurement, and a more structured way of looking at security problems. These methods encourage empirical inquiry and scientific analysis over subjective judgment and opinion when driving security decision-making. The book offers concrete strategies for putting a variety of research tools and metrics into active use on everyday projects.
This definitive guide first describes the history and theory behind empirical analysis and scientific methods, and shows how traditional security practices often do not stand up to rigorous standards of research and analysis. The book then presents new security methods that improve decisions, increase security, and save time and money. The book advises how to choose effective methods and metrics for security projects and provide better information to security stakeholders, reducing uncertainty about the effectiveness of their programs.
- Define security metrics as a manageable amount of usable data
- Design effective security metrics
- Understand quantitative and qualitative data, data sources, and collection and normalization methods
- Implement a programmatic approach to security using the Security Process Management Framework
- Analyze security metrics data using quantitative and qualitative methods
- Design a security measurement project for operational analysis of security metrics
- Measure security operations, compliance, cost and value, and people, organizations, and culture
- Manage groups of security measurement projects using the Security Improvement Program
- Apply organizational learning methods to security metrics
Endorsement
“Disperses myths while illuminating truths, pointing towards better ways for IT to conceptualize, implement, and articulate the value proposition of security activities and investments….Clearly grounded in foundational concepts of risk management, decision support, and basic economics….Abounds with practical examples, anecdotes, metaphors, crisp descriptions of difficult concepts, comparisons with other industries, and a just plain entertaining writing style that won’t strain your attention span….The relevance, information density, and readability of this book is top-notch….I strongly recommend it to anyone who is passionate and serious about protecting digital assets with better precision and effectiveness.”
–Joel Scambray, Co-Author, Hacking Exposed, and CEO of Consciere
About the Author
Lance Hayden, Ph.D. (Austin, TX) works for Cisco Systems, developing and managing security consulting services and contributing to new security product initiatives. He previously worked for the CIA where he conducted sensitive intelligence operations on behalf of the U.S. government. Lance has spoken at technology and security conferences such as RSA, FIRST, ToorCon, and Cisco Live.