PRAGMATIC Security Metrics: Applying Metametrics to Information Security
Autor W. Krag Brotby, Gary Hinsonen Limba Engleză Hardback – 8 ian 2013
Packed with time-saving tips, the book offers easy-to-follow guidance for those struggling with security metrics. Step by step, it clearly explains how to specify, develop, use, and maintain an information security measurement system (a comprehensive suite of metrics) to help:
- Security professionals systematically improve information security, demonstrate the value they are adding, and gain management support for the things that need to be done
- Management address previously unsolvable problems rationally, making critical decisions such as resource allocation and prioritization of security relative to other business activities
- Stakeholders, both within and outside the organization, be assured that information security is being competently managed
- Helps you figure out exactly what needs to be measured, how to measure it, and most importantly, why it needs to be measured
- Scores and ranks more than 150 candidate security metrics to demonstrate the value of the PRAGMATIC method
- Highlights security metrics that are widely used and recommended, yet turn out to be rather poor in practice
- Describes innovative and flexible measurement approaches such as capability maturity metrics with continuous scales
- Explains how to minimize both measurement and security risks using complementary metrics for greater assurance in critical areas such as governance and compliance
Visit Security Metametrics. Security Metametrics supports the global community of professionals adopting the innovative techniques laid out in PRAGMATIC Security Metrics. If you, too, are struggling to make much sense of security metrics, or searching for better metrics to manage and improve information security, Security Metametrics is the place.http://securitymetametrics.com/
Preț: 925.49 lei
Preț vechi: 1156.86 lei
-20% Nou
Puncte Express: 1388
Preț estimativ în valută:
177.14€ • 184.12$ • 146.73£
177.14€ • 184.12$ • 146.73£
Carte tipărită la comandă
Livrare economică 04-18 februarie 25
Preluare comenzi: 021 569.72.76
Specificații
ISBN-13: 9781439881521
ISBN-10: 1439881529
Pagini: 512
Ilustrații: 63 black & white illustrations, 198 black & white tables
Dimensiuni: 156 x 234 x 38 mm
Greutate: 0.82 kg
Ediția:1
Editura: CRC Press
Colecția Auerbach Publications
ISBN-10: 1439881529
Pagini: 512
Ilustrații: 63 black & white illustrations, 198 black & white tables
Dimensiuni: 156 x 234 x 38 mm
Greutate: 0.82 kg
Ediția:1
Editura: CRC Press
Colecția Auerbach Publications
Public țintă
Academic and Professional Practice & DevelopmentCuprins
Introduction. Why Measure Information Security? What To Measure - The Ingredients. How To Measure - The Recipes. Presenting and Using PRAGMATIC Metrics. Improving the Measurement System. Conclusions.
Recenzii
Like all books on metrics, PRAGMATIC Security Metrics: Applying Metametrics to Information Security makes the statement that "you can't manage what you can't measure". The authors claim that other books on information security metrics discuss number theory and statistics in academic terms. This title promises to be light on mathematics and heavy on utility and is meant as a how-to-do-it guide for security metrics.
As to the title, PRAGMATIC is an acronym for the basis of the method of the book, in using metrics that are predictive, relevant, actionable, genuine, meaningful, timely, independent and cost. After reading the first chapter, PRAGMATIC Security Metrics: Applying Metametrics to Information Security looks like it may live up to its promise of being able to use metrics not only to track and report performance but to identify problem areas and opportunities, and drive information security improvements. If so, this could be the metrics book a lot of information security professionals have been waiting for.
—Ben Rothke, CISSP, CISM, Information Security Manager, Wyndham Worldwide; and author of Computer Security: 20 Things Every Employee Should Know, writing on the RSA Conference Blog, www.rsaconference.com
As to the title, PRAGMATIC is an acronym for the basis of the method of the book, in using metrics that are predictive, relevant, actionable, genuine, meaningful, timely, independent and cost. After reading the first chapter, PRAGMATIC Security Metrics: Applying Metametrics to Information Security looks like it may live up to its promise of being able to use metrics not only to track and report performance but to identify problem areas and opportunities, and drive information security improvements. If so, this could be the metrics book a lot of information security professionals have been waiting for.
—Ben Rothke, CISSP, CISM, Information Security Manager, Wyndham Worldwide; and author of Computer Security: 20 Things Every Employee Should Know, writing on the RSA Conference Blog, www.rsaconference.com
Notă biografică
Krag Brotby has 30 years of experience in the area of enterprise computer security architecture, governance, risk, and metrics and is a Certified Information Security Manager (CISM) and Certified in the Governance of Enterprise Information Technology qualifications. Krag is a CISM trainer and has developed a number of related courses in governance, metrics, governance-risk-compliance (GRC), and risk and trained thousands on five continents during the past decade.
Krag's experience includes intensive involvement in current and emerging security architectures, IT and information security metrics, and governance. He holds a foundation patent for digital rights management and has published a variety of technical and IT security-related articles and books. Brotby has served as principal author and editor of the Certified Information Security Manager Review Manual (ISACA 2012) since 2005, and is the researcher and author of the widely circulated Information Security Governance: Guidance for Boards of Directors and Executive Management (ITGI 2006), and Information Security Governance: Guidance for Information Security Managers (ITGI 2008a) as well as a new approach to Information Security Management Metrics (Brotby 2009a) and Information Security Governance; A Practical Development and Implementation Approach (Brotby 2009b). Krag has served on ISACA's Security Practice Development Committee. He was appointed to the Test Enhancement Committee, responsible for testing development, and to the committee developing a systems approach to information security called the Business Model for Information Security (BMIS). He received the 2009 ISACA John W. Lainhart IV Common Body of Knowledge Award for noteworthy contributions to the information security body of knowledge for the benefit of the global information security community.
Krag is a member
Krag's experience includes intensive involvement in current and emerging security architectures, IT and information security metrics, and governance. He holds a foundation patent for digital rights management and has published a variety of technical and IT security-related articles and books. Brotby has served as principal author and editor of the Certified Information Security Manager Review Manual (ISACA 2012) since 2005, and is the researcher and author of the widely circulated Information Security Governance: Guidance for Boards of Directors and Executive Management (ITGI 2006), and Information Security Governance: Guidance for Information Security Managers (ITGI 2008a) as well as a new approach to Information Security Management Metrics (Brotby 2009a) and Information Security Governance; A Practical Development and Implementation Approach (Brotby 2009b). Krag has served on ISACA's Security Practice Development Committee. He was appointed to the Test Enhancement Committee, responsible for testing development, and to the committee developing a systems approach to information security called the Business Model for Information Security (BMIS). He received the 2009 ISACA John W. Lainhart IV Common Body of Knowledge Award for noteworthy contributions to the information security body of knowledge for the benefit of the global information security community.
Krag is a member
Descriere
Light on mathematics and heavy on utility, this is the ultimate how-to-do-it guide for security metrics. Packed with time-saving tips, the book offers easy-to-follow guidance for those struggling with security metrics. Step by step, it clearly explains how to specify, develop, use, and maintain an information security measurement system. In addition to its obvious utility in the information security realm, the PRAGMATIC approach, introduced for the first time in this book, has broader application across diverse fields of management