Complete Guide to Security and Privacy Metrics: Measuring Regulatory Compliance, Operational Resilience, and ROI
List Price: $124.95
Price: $99.96
Product Description
This book defines more than 900 metrics measuring compliance with current legislation, resiliency of security controls, and return on investment. It explains what needs to be measured, why and how to measure it, and how to tie security and privacy metrics to business goals and objectives. The metrics are scaled by information sensitivity, asset criticality, and risk; aligned to correspond with different lateral and hierarchical functions; designed with flexible measurement boundaries; and can be implemented individually or in combination. The text includes numerous examples and sample reports and stresses a complete assessment by evaluating physical, personnel, IT, and operational security controls.
Product Details
- Amazon Sales Rank: #654611 in Books
- Published on: 2007-01-22
- Original language: English
- Number of items: 1
- Binding: Hardcover
- 848 pages
Editorial Reviews
Review
This book is a useful reference for individuals who must meet the challenge of selecting good metrics.
—Cheryl Washington, Information Security Officer, California State University, writing in Educause Quarterly
… this book makes a noble effort at surveying the entire landscape of security and privacy metrics. … points out in her introduction a glaring limitation to many books on IT Security: it doesn’t function in a vacuum and must embrace the related domains of physical, personnel and operational security. … table provides an excellent starting point for reading the book and also allows quick identification of the particular sections most relevant to a reader’s interests. Provides valuable directions on how measurement works and what goes into producing a useful metric. … when faced with the necessity of developing a metrics program to measure the effectiveness of some aspect of your security efforts, this rather imposing tome is one I would recommend as a way to jumpstart your efforts. The master table in the introduction provides a quick guide to the particular section most relevant to the reader’s need …
— Richard Austin, in IEEE Cipher, June 2007
About the Author
U.S. Nuclear Regulatory Commission, Washington, D.C., USA
Customer Reviews
The Oracle of Metrics (and I am not talking about the company)
***This is a big book full of a lot of facts and figures.*** (Yes a very big book, not a cover to cover book.) 824 pages, 5 chapters and by no means a read it from cover to cover book. The first two chapters, the "Introduction" and "the What's and Whys of Metrics" are the author's interesting and quite knowledgeable overview of the world of operational, personal, physical and IT security metrics. After, the remaining chapters get in-depth. Chapter 3 "Measuring Compliance" goes into great detail about relating the different acts, bills, regulations and directives with various Metrics. Chapter 4 "Measuring Resilience" provides numerous worksheets and questionnaires as well as an abundance of information regarding threats, asset protection, mission protection, audit trails and others. Finally, Chapter 5 "Measuring ROI" covers cost, benefits, some case studies and comparative analysis as well as, again, some great worksheets.
A very useful and well organized guide. (Although a bit on the expensive side)







