Information Security Management Metrics: A Definitive Guide to Effective Security Monitoring and Measurement

W. Krag Brotby, CISM

Hardback
$70.36

eBook
from $40.00

March 30, 2009 by Auerbach Publications
Professional - 200 Pages - 14 B/W Illustrations
ISBN 9781420052855 - CAT# AU5285

FREE Standard Shipping!

was $87.95

$70.36

SAVE $17.59

Add to Cart
Add to Wish List

Features

  • Provides a compelling business case for information security management metrics
  • Details a comprehensive overview of current and evolving security metrics
  • Demonstrates the near total inadequacy of contemporary approaches to security metrics
  • Presents a step-by-step approach for developing useful metrics essential to managing security
  • Provides a framework and process to measure and monitor meaningful aspects of information security
  • Includes case studies, useful support material, and security taxonomies
  • Summary

    Spectacular security failures continue to dominate the headlines despite huge increases in security budgets and ever-more draconian regulations. The 20/20 hindsight of audits is no longer an effective solution to security weaknesses, and the necessity for real-time strategic metrics has never been more critical.

    Information Security Management Metrics: A Definitive Guide to Effective Security Monitoring and Measurement offers a radical new approach for developing and implementing security metrics essential for supporting business activities and managing information risk. This work provides anyone with security and risk management responsibilities insight into these critical security questions:

  • How secure is my organization?
  • How much security is enough?
  • What are the most cost-effective security solutions?
  • How secure is my organization?
  • You can’t manage what you can’t measure

    This volume shows readers how to develop metrics that can be used across an organization to assure its information systems are functioning, secure, and supportive of the organization’s business objectives. It provides a comprehensive overview of security metrics, discusses the current state of metrics in use today, and looks at promising new developments. Later chapters explore ways to develop effective strategic and management metrics for information security governance, risk management, program implementation and management, and incident management and response.  

    The book ensures that every facet of security required by an organization is linked to business objectives, and provides metrics to measure it. Case studies effectively demonstrate specific ways that metrics can be implemented across an enterprise to maximize business benefit.

    With three decades of enterprise information security experience, author Krag Brotby presents a workable approach to developing and managing cost-effective enterprise information security.