Spectacular security failures continue to dominate the headlines despite huge increases in security budgets and ever-more draconian regulations. The 20/20 hindsight of audits is no longer an effective solution to security weaknesses, and the need for real-time strategic metrics has never been more critical.
Information Security Management Metrics: A Definitive Guide to Effective Security Monitoring and Measurement offers a radical new approach to developing and implementing the security metrics essential for supporting business activities and managing information risk. This work gives anyone with security and risk management responsibilities insight into these critical security questions:
- How secure is my organization?
- How much security is enough?
- What are the most cost-effective security solutions?
Solid metrics are the key to cost-effective information security: you can't manage what you can't measure.
This volume shows readers how to develop metrics that can be used across an organization to assure its information systems are functioning, secure, and supportive of the organization’s business objectives. It provides a comprehensive overview of security metrics, discusses the current state of metrics in use today, and looks at promising new developments. Later chapters explore ways to develop effective strategic and management metrics for information security governance, risk management, program implementation and management, and incident management and response.
The book ensures that every facet of security required by an organization is linked to business objectives, and provides metrics to measure it. Case studies effectively demonstrate specific ways that metrics can be implemented across an enterprise to maximize business benefit.
With three decades of enterprise information security experience, author Krag Brotby presents a workable approach to developing and managing cost-effective enterprise information security.
Product details:
- File Size: 2704 KB
- Print Length: 200 pages
- Simultaneous Device Usage: Up to 4 simultaneous devices, per publisher limits
- Publisher: Auerbach Publications (March 30, 2009)
- Sold by: Amazon Digital Services, Inc.
- Language: English
- ASIN: B003VS0RNS
- Text-to-Speech: Enabled
- Lending: Not Enabled
- Amazon Best Sellers Rank: #774,391 Paid in Kindle Store
As one reviewer noted, the coverage is very superficial. The book included some rather obscure models that I have never seen used in the real world. Perhaps the book is simply mis-titled. For the practitioners in the field who read the book and start digging a little deeper, you'd get the sense that the author really didn't have much hands-on experience. One particular paragraph and chart caught my eye.
Page 68, the paragraph and chart on a study of the ROSI of various activities, based on a whitepaper from @Stake. The author provided no interpretation for the chart. The book claims it's based on an analysis of over 600 organisations, and adds an insightful observation: "These results will undoubtedly be controversial and lead to energetic protests..." The following is what troubled me.
Here is a short version of what the "saving to cost ratio" chart suggests: (1) Screen Locking has a 71.9% effectiveness in improving security, whereas things like (2) Nightly Back-up (only 0.2%) and (3) Central Access Control (0.1%) are near the bottom. Firewalls, IDS, patches, etc. are in between (all below 10%).
Any security professional who saw the chart and read the "insight" would question the findings and probably dig a bit deeper. I did, through a thin connection of mine who knows a guy who knows another guy who used to work for @Stake.
They couldn't find any whitepaper on a ROSI study of 600+ organisations. (That doesn't mean it's not there, but he couldn't find it.)
The cited source of the chart did work for @Stake for a year or so. However, the chart actually came from the source's PhD thesis, written while he was an economics graduate student at Stanford University.