By Andrew Jaquith
The Definitive Guide to Quantifying, Classifying, and Measuring Enterprise IT Security Operations
Security Metrics is the first comprehensive best-practice guide to defining, creating, and using security metrics in the enterprise.
Using sample charts, graphics, case studies, and war stories, Yankee Group security expert Andrew Jaquith demonstrates exactly how to establish effective metrics based on your organization's unique requirements. You'll discover how to quantify hard-to-measure security activities, compile and analyze all relevant data, identify strengths and weaknesses, set cost-effective priorities for improvement, and craft compelling messages for senior management.
Security Metrics successfully bridges management's quantitative viewpoint with the nuts-and-bolts approach typically taken by security professionals. It brings together expert solutions drawn from Jaquith's extensive consulting work in the software, aerospace, and financial services industries, including new metrics presented nowhere else. You'll learn how to:
• Replace nonstop crisis response with a systematic approach to security improvement
• Understand the differences between "good" and "bad" metrics
• Measure coverage and control, vulnerability management, password quality, patch latency, benchmark scoring, and business-adjusted risk
• Quantify the effectiveness of security acquisition, implementation, and other program activities
• Organize, aggregate, and analyze your data to bring out key insights
• Use visualization to understand and communicate security issues more clearly
• Capture valuable data from firewalls and antivirus logs, third-party auditor reports, and other resources
• Implement balanced scorecards that present compact, holistic views of organizational security effectiveness
Whether you're an engineer or consultant responsible for security and reporting to management, or an executive who needs better information for decision-making, Security Metrics is the resource you have been searching for.
Andrew Jaquith, program manager for Yankee Group's Security Solutions and Services Decision Service, advises enterprise clients on prioritizing and managing security resources. He also helps security vendors develop product, service, and go-to-market strategies for reaching enterprise customers. He co-founded @stake, Inc., a security consulting pioneer acquired by Symantec Corporation in 2004. His application security and metrics research has been featured in CIO, CSO, InformationWeek, IEEE Security and Privacy, and The Economist.
Foreword
Preface
Acknowledgments
About the Author
Chapter 1 Introduction: Escaping the Hamster Wheel of Pain
Chapter 2 Defining Security Metrics
Chapter 3 Diagnosing Problems and Measuring Technical Security
Chapter 4 Measuring Program Effectiveness
Chapter 5 Analysis Techniques
Chapter 6 Visualization
Chapter 7 Automating Metrics Calculations
Chapter 8 Designing Security Scorecards
Index
Similar CompTIA books
Low Voltage Wiring: Security/Fire Alarm Systems
Best-of-the-best guidelines for working with low voltage wiring. The A-Z reference on designing, installing, maintaining, and troubleshooting modern security and fire alarm systems is now fully up to date in a new edition. Prepared by Terry Kennedy and John E. Traister, authors with over three decades of hands-on experience apiece in the construction industry, Low Voltage Wiring: Security/Fire Alarm Systems, Third Edition provides all the appropriate wiring data you need to work on security and fire alarm systems in residential, commercial, and industrial buildings.
From the #1 name in professional certification. Get on the fast track to becoming CompTIA A+ certified with this affordable, portable study tool. Inside, certification training expert Mike Meyers guides you on your career path, providing expert tips and sound advice along the way. With an intensive focus only on what you need to know to pass CompTIA A+ exams 220-801 & 220-802, this certification passport is your ticket to success on exam day.
HackNotes(tm) Linux and Unix Security Portable Reference
Safeguard your systems from all types of hackers, hijackers, and predators with help from this insightful resource. Get thorough, just-the-facts coverage of Linux, UNIX and Solaris, and learn about advanced hacking techniques including buffer overflows, password theory, port re-direction, and more.
Real World Linux Security (2nd Edition)
Your Linux system will be attacked. Be ready! Real World Linux Security, Second Edition brings together state-of-the-art solutions and exclusive software for safeguarding yourself against today's most vicious Internet attacks. Highlights include surprising new research on IP Tables effectiveness; new ways to block ARP attacks; advances in adaptive firewalls; quick recovery from intrusions; securing wireless systems, instant messaging, VPNs, Samba, and Linux 2.
Extra resources for Security Metrics: Replacing Fear, Uncertainty, and Doubt