Author: W. Krag Brotby CISM
ISBN : 1420052853
About the Author
Enterprise Security Architect, Thousand Oaks, California,
- Hardcover: 200 pages
- Publisher: Auerbach Publications; 1 edition (March 30, 2009)
- Language: English
- ISBN-10: 1420052853
- ISBN-13: 978-1420052855
- Product Dimensions: 0.7 x 6 x 9.2 inches
- Shipping Weight: 1 pounds
Information Security Management Metrics: A Definitive Guide to Effective Security Monitoring and Measurement
As one reviewer noted, the coverage is very superficial. The book included some rather obscure models that I have never seen used in the real world. Perhaps the book is simply mis-titled. For the practitioners in the field who read the book and start digging a little deeper, you'd get the sense that the author really didn't have much hands-on experience. One particular paragraph and chart caught my eye.
Page 68: the paragraph and chart on a study of the ROSI of various activities, based on a whitepaper from @Stake. The author provided no interpretation for the chart. The book claims it's based on an analysis of over 600 organisations, and wrote an insightful observation: "These results will undoubtedly be controversial and lead to energetic protests..." The following was what troubled me.
Here is a short version of what the "saving to cost ratio" chart suggests: (1) Screen Locking has a 71.9% effectiveness in improving security; whereas things like (2) Nightly Back-up (only 0.2%) and (3) Central Access Control (0.1%). Firewall, IDS, patches, etc. are in between (all below 10%).
Any security professional who saw the chart and read the "insight" would question the findings and probably dig a bit deeper. I did. As it turns out, through a thin connection of mine who knows a guy who knows another guy who used to work for @Stake.
They couldn't find any whitepaper on a ROSI study of 600+ organisations. (Doesn't mean it's not there, but he couldn't find it.)
The cited source of the chart did work for @Stake for a year or so. However, the chart actually came from the source's PhD thesis while he was an economics graduate at Stanford University.