IT Security Metrics: A Practical Framework for Measuring Security & Protecting Data

7h 54m
Lance Hayden
McGraw-Hill/Osborne
2010

Implement an Effective Security Metrics Project or Program

IT Security Metrics provides a comprehensive approach to measuring risks, threats, operational activities, and the effectiveness of data protection in your organization. The book explains how to choose and design effective measurement strategies and addresses the data requirements of those strategies. The Security Process Management Framework is introduced and analytical strategies for security metrics data are discussed. You'll learn how to take a security metrics program and adapt it to a variety of organizational contexts to achieve continuous security improvement over time. Real-world examples of security measurement projects are included in this definitive guide.

Define security metrics as a manageable amount of usable data
Design effective security metrics
Understand quantitative and qualitative data, data sources, and collection and normalization methods
Implement a programmable approach to security using the Security Process Management Framework
Analyze security metrics data using quantitative and qualitative methods
Design a security measurement project for operational analysis of security metrics
Measure security operations, compliance, cost and value, and people, organizations, and culture
Manage groups of security measurement projects using the Security Improvement Program
Apply organizational learning methods to security metrics

About the Author

Lance Hayden, Ph.D., CISSP, CISM, is a Solutions Architect and Information Scientist with Cisco System's World Wide Security Practice where he helps Cisco's customers make informed decisions about their security operations. In addition to his private sector experience, he teaches at the University of Texas and is a former HUMINT officer with the Central Intelligence Agency.

In this Book

What Is a Security Metric?
Designing Effective Security Metrics
Understanding Data
Case Study 1: In Search of Enterprise Metrics
The Security Process Management Framework
Analyzing Security Metrics Data
Designing the Security Measurement Project
Case Study 2: Normalizing Tool Data in a Security Posture Assessment
Measuring Security Operations
Measuring Compliance and Conformance
Measuring Security Cost and Value
Measuring People, Organizations, and Culture
Case Study 3: Web Application Vulnerabilities
The Security Improvement Program
Learning Security: Different Contexts for Security Process Management
Case Study 4: Getting Management Buy-in for the Security Metrics Program

FREE ACCESS

Course Certified in Cybersecurity (CC): Business Continuity Planning

(44)

Course CompTIA Security+: Mitigation Techniques

(3)

Course Information Security for Leaders: Elements of InfoSec

(5)

Get Started

Sharpen your skills. Upgrade your career. Find the right learning path for you, based on your role and skills. Take part in hands-on practice, study for a certification, and much more - all personalized for you.

*Not included: Compliance, Leadership Development Program content, and Engineering books

Your content + our content + our platform = a path to learning success

Using our learning experience platform, Percipio, your learners can engage in custom learning paths that can feature curated content from all sources.

Learn More

Aspire to something bigger

Aspire Journeys are guided learning paths that set you in motion for career success.

Browse Aspire Journeys

Explore a world of live learning with Global Knowledge

Choose from convenient delivery formats to get the training you and your team need - where, when and how you want it.

Browse Live Learning

IT Skills & Salary Report

ESG Impact Report

IT Security Metrics: A Practical Framework for Measuring Security & Protecting Data

In this Book

YOU MIGHT ALSO LIKE