By Andrew Jaquith
The Definitive Guide to Quantifying, Classifying, and Measuring Enterprise IT Security Operations
Security Metrics is the first comprehensive best-practice guide to defining, creating, and using security metrics in the enterprise.
Using sample charts, graphics, case studies, and war stories, Yankee Group security expert Andrew Jaquith demonstrates exactly how to establish effective metrics based on your organization’s unique requirements. You’ll discover how to quantify hard-to-measure security activities, compile and analyze all relevant data, identify strengths and weaknesses, set cost-effective priorities for improvement, and craft compelling messages for senior management.
Security Metrics successfully bridges management’s quantitative viewpoint with the nuts-and-bolts approach typically taken by security professionals. It brings together expert solutions drawn from Jaquith’s extensive consulting work in the software, aerospace, and financial services industries, including new metrics presented nowhere else. You’ll learn how to:
• Replace nonstop crisis response with a systematic approach to security improvement
• Understand the differences between “good” and “bad” metrics
• Measure coverage and control, vulnerability management, password quality, patch latency, benchmark scoring, and business-adjusted risk
• Quantify the effectiveness of security acquisition, implementation, and other program activities
• Organize, aggregate, and analyze your data to bring out key insights
• Use visualization to understand and communicate security issues more clearly
• Capture valuable data from firewalls and antivirus logs, third-party auditor reports, and other sources
• Implement balanced scorecards that present compact, holistic views of organizational security effectiveness
Whether you’re an engineer or consultant responsible for security and reporting to management–or an executive who needs better information for decision-making–Security Metrics is the resource you have been searching for.
Andrew Jaquith, program manager for Yankee Group’s Security Solutions and Services Decision Service, advises enterprise clients on prioritizing and managing security resources. He also helps security vendors develop product, service, and go-to-market strategies for reaching enterprise customers. He co-founded @stake, Inc., a security consulting pioneer acquired by Symantec Corporation in 2004. His application security and metrics research has been featured in CIO, CSO, InformationWeek, IEEE Security and Privacy, and The Economist.
About the Author
Chapter 1 Introduction: Escaping the Hamster Wheel of Pain
Chapter 2 Defining Security Metrics
Chapter 3 Diagnosing Problems and Measuring Technical Security
Chapter 4 Measuring Program Effectiveness
Chapter 5 Analysis Techniques
Chapter 6 Visualization
Chapter 7 Automating Metrics Calculations
Chapter 8 Designing Security Scorecards
Similar CompTIA books
Essential skills for IT professionals. Mike Meyers' A+ Guide to PC Lab Manual, Second Edition features 40-plus lab exercises that challenge you to solve problems based on realistic case studies and step-by-step scenarios that require critical thinking. You'll also get post-lab observation questions that measure your understanding of lab results and key term quizzes that help build vocabulary.
A textbook for beginners in security. In this new first edition, well-known author Behrouz Forouzan uses his accessible writing style and visual approach to simplify the difficult concepts of cryptography and network security. This edition also provides a website that includes PowerPoint files as well as instructor and student solutions manuals.
Linux Routers, Second Edition shows you exactly how to reduce your costs and extend your network with Linux-based routing. You'll find step-by-step coverage of software/hardware selection, configuration, management, and troubleshooting for today's key internetworking applications, including LANs, Internet/intranet/extranet routers, Frame Relay, VPNs, remote access, and firewalls.
WebDAV: Next-Generation Collaborative Web Authoring is the complete guide to Web-based Distributed Authoring and Versioning (WebDAV), the IETF standard for Web authoring and wide area collaboration. Experienced implementer Lisa Dusseault covers WebDAV from bits on the wire up to custom application implementation, demonstrating with extensive examples and traces from real clients and servers.