Other books on information security metrics discuss number theory and statistics in academic terms. Light on mathematics and heavy on utility, PRAGMATIC Security Metrics: Applying Metametrics to Information Security breaks the mold. This is the ultimate how-to-do-it guide for security metrics.
Packed with time-saving tips, the book offers easy-to-follow guidance for those struggling with security metrics. Step by step, it clearly explains how to specify, develop, use, and maintain an information security measurement system (a comprehensive suite of metrics) to help:
Security professionals systematically improve information security, demonstrate the value they are adding, and gain management support for the things that need to be done Management address previously unsolvable problems rationally, making critical decisions such as resource allocation and prioritization of security relative to other business activities Stakeholders, both within and outside the organization, be assured that information security is being competently managed
The PRAGMATIC approach lets you hone in on your problem areas and identify the few metrics that will generate real business value. The book:
Helps you figure out exactly what needs to be measured, how to measure it, and most importantly, why it needs to be measured Scores and ranks more than 150 candidate security metrics to demonstrate the value of the PRAGMATIC method Highlights security metrics that are widely used and recommended, yet turn out to be rather poor in practice Describes innovative and flexible measurement approaches such as capability maturity metrics with continuous scales Explains how to minimize both measurement and security risks using complementary metrics for greater assurance in critical areas such as governance and compliance
In addition to its obvious utility in the information security realm, the PRAGMATIC approach, introduced for the first time in this book, has broader application across diverse fields of management including finance, human resources, engineering, and production—in fact any area that suffers a surplus of data but a deficit of useful information.
Visit Security Metametrics. Security Metametrics supports the global community of professionals adopting the innovative techniques laid out in PRAGMATIC Security Metrics. If you, too, are struggling to make much sense of security metrics, or searching for better metrics to manage and improve information security, Security Metametrics is the place. http://securitymetametrics.com/
This books makes you think about metrics. It is applied to information security, but the line of thinking can easily be extended to many other fields of management. Before offering a rated choice of about 150 metrics, the authors explain a complete methodology on choosing and rating candidate metrics. A must read for those that produce KPI's for senior management, or for senior manager that want to be informed by useful indicators.
In the last few years the term "security metrics" has developed somewhat into a holy grail. Everybody wants them, everybody seems to know that they are necessary, but how the devil is the CISO or the IT department able to get them? As a result we were presented with ISO 27004, some NIST papers and others and the time of writing the term "security metrics" generates over 2.4m hits when googled and "information security metrics" over 990'000. As a CISO I am need of security metrics myself but was always a little bit hesitant of delving deeper into the matter as some of the books I read about the topic seemed arcane and rather impractical for daily use. And now this book comes along, making the whole matter in my opinion much clearer and easier to handle.
In the first few chapters Brotby and Hinson provide an overview of the status quo and the why and how of security metrics. They deal with great insight with the differing methods and concepts, and the purpose of and audience for security metrics. Chapter 5 deals concisely with points actually to be measured and where one can find them. Throughout the language is very accessible, making this book a pleasure to read and work with.
In chapter 6 the authors then provide us with a thoughtful introduction to their PRAGMATIC approach which is followed by a chapter with over 150 information security metrics. All these metrics are explained in detail, are easy to understand and thus provide a practical tool ready to use for anybody in need of reference points what and how to "measure security".
The next chapter deals concisely with the "how to". The authors provide a clear and concise explanation of how to design an information security measurement system using their method. In just about 20 pages they manage to make clear what has to go into the system, which reference points are to be considered and how everything can be pulled together in order to be able to create a system which can be easily handled and worked with as required.
The final chapters then provide the readers with more information about using metrics in general and the system of Brotby and Hinson in particular. A case study shows the practical application of the PRAGMATIC system and the final pages provide once more a wealth of helpful tools.
In summary I would like to give the following verdict: Until now I have not come across a book about information security metrics that was so clearly and concisely written. The book is easy to understand and provides a wealth of tools and inputs for anybody having to deal with metrics.
The sample metrics and the very thoughtful insights regarding the creation of an information security metrics system tailor-made for the individual organization hopefully will make this book a standard work. It is clear that the authors have thought a lot about the subject and also have practical experience in the matter, as otherwise this tome would have turned out turgid and technological, something which it clearly is not.
Product Details :
- Hardcover: 512 pages
- Publisher: Auerbach Publications; 1 edition (January 8, 2013)
- Language: English
- ISBN-10: 1439881529
- ISBN-13: 978-1439881521
- Product Dimensions: 1.5 x 6.3 x 9.1 inches
More Details about PRAGMATIC Security Metrics: Applying Metametrics to Information Security, 1st Edition
No comments:
Post a Comment