Security Metrics, A Beginner's Guide
1 Why Measure Security?
2 Why Now? Volumes, Bots
Part II: Essential Components of an Effective Security Metrics Practitioner
3 Analytics
4 Discipline, Commitment, Project Management
Part III: Decide What to Measure
5 Core Competencies
6 Identify Targets
Part IV: Get Started
7 Define Objectives / Goals
8 Define Your Priorities
9 Identify Key Messages for Key Audiences
10 Obtain Buy-In from Stakeholders and Commit to Timelines
Part V: Toolkit
11 Center for Information Security (CIS) Consensus Metrics Definitions
12 Case Study and Analysis Technology Samples
Part VI: Creating the Best Environment for Healthy Metrics
13 Define a Communications Strategy
14 Create and Drive an Action Plan: The Importance of Project Management
Part VII: Secret Sauce: Lessons Learned from an Enterprise Practitioner
15 Enhance Process Optimization and Data Quality
16 Fix Broken Processes Before Automation
17 Leverage Politics and Competition
Part VIII: Appendices
Appendix A Glossary of Terms
Appendix B Checklists
Appendix C Templates
“An extraordinarily thorough and sophisticated explanation of why you need to measure the effectiveness of your security program and how to do it. A must-have for any quality security program!” —Dave Cullinane, CISSP, CISO & VP, Global Fraud, Risk & Security, eBay
Learn how to communicate the value of an information security program, enable investment planning and decision making, and drive necessary change to improve the security of your organization. Security Metrics: A Beginner's Guide explains, step by step, how to develop and implement a successful security metrics program.
This practical resource covers project management, communication, analytics tools, identifying targets, defining objectives, obtaining stakeholder buy-in, metrics automation, data quality, and resourcing. You'll also get details on cloud-based security metrics and process improvement. Templates, checklists, and examples give you the hands-on help you need to get started right away.
Security Metrics: A Beginner's Guide features:
- Lingo--Common security terms defined so that you're in the know on the job
- IMHO--Frank and relevant opinions based on the author's years of industry experience
- Budget Note--Tips for getting security technologies and processes into your organization's budget
- In Actual Practice--Exceptions to the rules of security explained in real-world contexts
- Your Plan--Customizable checklists you can use on the job now
- Into Action--Tips on how, why, and when to apply new skills and techniques at work
Caroline Wong, CISSP, was formerly the Chief of Staff for the Global Information Security Team at eBay, where she built the security metrics program from the ground up. She has been a featured speaker at RSA, ITWeb Summit, Metricon, the Executive Women's Forum, ISC2, and the Information Security Forum.