Security Smarts for the Self-Guided IT Professional
"An extraordinarily thorough and sophisticated explanation of why you need to measure the effectiveness of your security program and how to do it. A must-have for any quality security program!" --Dave Cullinane, CISSP, CISO & VP, Global Fraud, Risk & Security, eBay
Learn how to communicate the value of an information security program, enable investment planning and decision making, and drive necessary change to improve the security of your organization. Security Metrics: A Beginner's Guide explains, step by step, how to develop and implement a successful security metrics program.
This practical resource covers project management, communication, analytics tools, identifying targets, defining objectives, obtaining stakeholder buy-in, metrics automation, data quality, and resourcing. You'll also get details on cloud-based security metrics and process improvement. Templates, checklists, and examples give you the hands-on help you need to get started right away.
Security Metrics: A Beginner's Guide features:
- Lingo--Common security terms defined so that you're in the know on the job
- IMHO--Frank and relevant opinions based on the author's years of industry experience
- Budget Note--Tips for getting security technologies and processes into your organization's budget
- In Actual Practice--Exceptions to the rules of security explained in real-world contexts
- Your Plan--Customizable checklists you can use on the job now
- Into Action--Tips on how, why, and when to apply new skills and techniques at work
Caroline Wong, CISSP, was formerly the Chief of Staff for the Global Information Security Team at eBay, where she built the security metrics program from the ground up. She has been a featured speaker at RSA, ITWeb Summit, Metricon, the Executive Women's Forum, ISC2, and the Information Security Forum.
Table of contents
Part I: Why Security Metrics
Chapter 1 Why Measure Security?
Chapter 2 Why Now Security Metrics Are Needed NowPart II: Essential Components of an Effective Security Metrics Practitioner
Chapter 3 Analytics
Chapter 4 Commitment to Project ManagementPart III: Decide What to Measure
Chapter 5 Identify Core Competencies, Information Security Work, and Resourcing Options
Chapter 6 Identify TargetsPart IV: Get Started
Chapter 7 Defining Project Objectives
Chapter 8 Define Your Priorities
Chapter 9 Identify Key Messages and Key Audiences
Chapter 10 Obtain Buy-In from StakeholdersPart V: Toolkit
Chapter 11 Automation
Chapter 12 Analysis Technology and a Case StudyPart VI: Creating the Best Environment for Healthy Metrics
Chapter 13 Define a Communications Strategy
Chapter 14 Create and Drive an Action Plan: The Importance of Project ManagementPart VII: Secret Sauce: Lessons Learned from an Enterprise Practitioner
Chapter 15 Improving Data Quality and Presentation
Chapter 16 Resourcing Security Metrics ProjectsPart VIII: Looking Forward
Chapter 17 Security Metrics for Cloud ComputingPart IX: Appendix and Glossary
Appendix A Templates and Checklists