PDF Ebook PRAGMATIC Security Metrics: Applying Metametrics to Information Security, by W. Krag Brotby, Gary Hinson
In reviewing PRAGMATIC Security Metrics: Applying Metametrics To Information Security, By W. Krag Brotby, Gary Hinson, currently you could not likewise do traditionally. In this contemporary period, gizmo and computer will help you so much. This is the moment for you to open up the device and stay in this site. It is the ideal doing. You could see the connect to download this PRAGMATIC Security Metrics: Applying Metametrics To Information Security, By W. Krag Brotby, Gary Hinson right here, cannot you? Merely click the link and negotiate to download it. You could get to acquire guide PRAGMATIC Security Metrics: Applying Metametrics To Information Security, By W. Krag Brotby, Gary Hinson by on-line as well as prepared to download. It is really different with the traditional way by gong to guide store around your city.
PRAGMATIC Security Metrics: Applying Metametrics to Information Security, by W. Krag Brotby, Gary Hinson
PDF Ebook PRAGMATIC Security Metrics: Applying Metametrics to Information Security, by W. Krag Brotby, Gary Hinson
PRAGMATIC Security Metrics: Applying Metametrics To Information Security, By W. Krag Brotby, Gary Hinson Just how can you transform your mind to be a lot more open? There numerous resources that could aid you to enhance your ideas. It can be from the other experiences and tale from some individuals. Book PRAGMATIC Security Metrics: Applying Metametrics To Information Security, By W. Krag Brotby, Gary Hinson is one of the relied on sources to get. You could find many publications that we discuss right here in this site. And now, we reveal you one of the best, the PRAGMATIC Security Metrics: Applying Metametrics To Information Security, By W. Krag Brotby, Gary Hinson
Yet, just what's your issue not as well liked reading PRAGMATIC Security Metrics: Applying Metametrics To Information Security, By W. Krag Brotby, Gary Hinson It is a great task that will always provide terrific advantages. Why you end up being so odd of it? Many things can be practical why people do not like to read PRAGMATIC Security Metrics: Applying Metametrics To Information Security, By W. Krag Brotby, Gary Hinson It can be the dull tasks, the book PRAGMATIC Security Metrics: Applying Metametrics To Information Security, By W. Krag Brotby, Gary Hinson compilations to review, also lazy to bring nooks everywhere. Today, for this PRAGMATIC Security Metrics: Applying Metametrics To Information Security, By W. Krag Brotby, Gary Hinson, you will begin to enjoy reading. Why? Do you know why? Read this page by finished.
Beginning with visiting this site, you have aimed to begin loving reading a book PRAGMATIC Security Metrics: Applying Metametrics To Information Security, By W. Krag Brotby, Gary Hinson This is specialized website that sell hundreds compilations of publications PRAGMATIC Security Metrics: Applying Metametrics To Information Security, By W. Krag Brotby, Gary Hinson from great deals resources. So, you won't be tired any more to pick the book. Besides, if you likewise have no time to look the book PRAGMATIC Security Metrics: Applying Metametrics To Information Security, By W. Krag Brotby, Gary Hinson, merely rest when you're in office and also open the internet browser. You can find this PRAGMATIC Security Metrics: Applying Metametrics To Information Security, By W. Krag Brotby, Gary Hinson lodge this internet site by connecting to the web.
Obtain the link to download this PRAGMATIC Security Metrics: Applying Metametrics To Information Security, By W. Krag Brotby, Gary Hinson as well as start downloading. You can desire the download soft documents of the book PRAGMATIC Security Metrics: Applying Metametrics To Information Security, By W. Krag Brotby, Gary Hinson by going through other activities. Which's all done. Currently, your rely on read a publication is not consistently taking and carrying guide PRAGMATIC Security Metrics: Applying Metametrics To Information Security, By W. Krag Brotby, Gary Hinson all over you go. You could save the soft file in your device that will never be away and also review it as you such as. It resembles reading story tale from your gadget after that. Currently, begin to love reading PRAGMATIC Security Metrics: Applying Metametrics To Information Security, By W. Krag Brotby, Gary Hinson and also obtain your brand-new life!
Other books on information security metrics discuss number theory and statistics in academic terms. Light on mathematics and heavy on utility, PRAGMATIC Security Metrics: Applying Metametrics to Information Security breaks the mold. This is the ultimate how-to-do-it guide for security metrics.
Packed with time-saving tips, the book offers easy-to-follow guidance for those struggling with security metrics. Step by step, it clearly explains how to specify, develop, use, and maintain an information security measurement system (a comprehensive suite of metrics) to help:
- Security professionals systematically improve information security, demonstrate the value they are adding, and gain management support for the things that need to be done
- Management address previously unsolvable problems rationally, making critical decisions such as resource allocation and prioritization of security relative to other business activities
- Stakeholders, both within and outside the organization, be assured that information security is being competently managed
- Helps you figure out exactly what needs to be measured, how to measure it, and most importantly, why it needs to be measured
- Describes, scores and ranks more than 150 potential security metrics to demonstrate the value of the PRAGMATIC method
- Highlights security metrics that are widely used and recommended, yet turn out to be rather poor in practice
- Describes innovative and flexible measurement approaches such as maturity metrics with continuous scales
- Explains how to minimize both measurement and security risks using complementary metrics for greater assurance in critical areas such as governance and compliance
Visit SecurityMetametrics.com supporting the global community of professionals adopting the innovative techniques laid out in PRAGMATIC Security Metrics. If you, too, are struggling to make much sense of security metrics, or searching for better metrics to manage and improve information security, Security Metametrics is the place for you.
- Sales Rank: #861139 in Books
- Brand: Brand: Auerbach Publications
- Published on: 2013-01-08
- Original language: English
- Number of items: 1
- Dimensions: 9.21" h x 1.13" w x 6.14" l, 1.90 pounds
- Binding: Hardcover
- 512 pages
- Used Book in Good Condition
Review
Like all books on metrics, PRAGMATIC Security Metrics: Applying Metametrics to Information Security makes the statement that "you can't manage what you can't measure". The authors claim that other books on information security metrics discuss number theory and statistics in academic terms. This title promises to be light on mathematics and heavy on utility and is meant as a how-to-do-it guide for security metrics.
As to the title, PRAGMATIC is an acronym for the basis of the method of the book, in using metrics that are predictive, relevant, actionable, genuine, meaningful, timely, independent and cost. After reading the first chapter, PRAGMATIC Security Metrics: Applying Metametrics to Information Security looks like it may live up to its promise of being able to use metrics not only to track and report performance but to identify problem areas and opportunities, and drive information security improvements. If so, this could be the metrics book a lot of information security professionals have been waiting for.
―Ben Rothke, CISSP, CISM, Information Security Manager, Wyndham Worldwide; and author of Computer Security: 20 Things Every Employee Should Know, writing on the RSA Conference Blog, www.rsaconference.com
About the Author
Krag Brotby CISM CGEIT has 30 years' experience in enterprise computer security architecture, governance, risk, and metrics. He is the principal author/editor of ISACA's Certified Information Security Manager Review Manual, plus Information Security Governance: Guidance for Boards of Directors and Guidance for Information Security Managers; Information Security Management Metrics; and Information Security Governance: A Practical Development and Implementation Approach. Krag has served on ISACA committees and the California High Tech Task Force Steering Committee, and frequently presents conference workshops and seminars. Krag was the principal architect for Xerox BASIA enterprise security and the SWIFT Next Gen PKI; served as technical director at RAND Corporation and chief security strategist for TransactPlus. He developed policies for several U.S. banks and consulted for Australia Post, New Zealand Inland Revenue, Singapore Infocom Development Agency, Microsoft, Unisys, AT&T, BP Alyeska, Countrywide Financial, Informix, Visa, VeriSign, Digital Signature Trust, Zantaz, Bank Al-Bilad, J.P. Morgan Chase, KeyBank, Certicom, and Paycom, among others. Krag delivers courses in metrics, governance‐risk‐compliance (GRC) and risk, and holds a foundation patent for digital rights management.
Dr Gary Hinson PhD MBA CISSP has worked in IT system and network administration, information security and IT auditing with multinationals in the pharmaceuticals/life sciences, utilities, IT, engineering, defense, and financial services industries, since the 1980s, and consulting since 2000. His day job involves preparing security awareness materials for NoticeBored (NoticeBored.com), an innovative subscription service. He is also responsible for ISO27001security.com, the ISO27k Toolkit and Forum supporting a global user community. Gary was originally a scientist researching bacterial genetics. The rational scientist and metrician still lurks deep within.
Most helpful customer reviews
7 of 8 people found the following review helpful.
A wealth of tools and inputs for anybody having to deal with metrics.
By Daniel Brunner
In the last few years the term "security metrics" has developed somewhat into a holy grail. Everybody wants them, everybody seems to know that they are necessary, but how the devil is the CISO or the IT department able to get them? As a result we were presented with ISO 27004, some NIST papers and others and the time of writing the term "security metrics" generates over 2.4m hits when googled and "information security metrics" over 990'000.
As a CISO I am need of security metrics myself but was always a little bit hesitant of delving deeper into the matter as some of the books I read about the topic seemed arcane and rather impractical for daily use. And now this book comes along, making the whole matter in my opinion much clearer and easier to handle.
In the first few chapters Brotby and Hinson provide an overview of the status quo and the why and how of security metrics. They deal with great insight with the differing methods and concepts, and the purpose of and audience for security metrics. Chapter 5 deals concisely with points actually to be measured and where one can find them. Throughout the language is very accessible, making this book a pleasure to read and work with.
In chapter 6 the authors then provide us with a thoughtful introduction to their PRAGMATIC approach which is followed by a chapter with over 150 information security metrics. All these metrics are explained in detail, are easy to understand and thus provide a practical tool ready to use for anybody in need of reference points what and how to "measure security".
The next chapter deals concisely with the "how to". The authors provide a clear and concise explanation of how to design an information security measurement system using their method. In just about 20 pages they manage to make clear what has to go into the system, which reference points are to be considered and how everything can be pulled together in order to be able to create a system which can be easily handled and worked with as required.
The final chapters then provide the readers with more information about using metrics in general and the system of Brotby and Hinson in particular. A case study shows the practical application of the PRAGMATIC system and the final pages provide once more a wealth of helpful tools.
In summary I would like to give the following verdict: Until now I have not come across a book about information security metrics that was so clearly and concisely written. The book is easy to understand and provides a wealth of tools and inputs for anybody having to deal with metrics.
The sample metrics and the very thoughtful insights regarding the creation of an information security metrics system tailor-made for the individual organization hopefully will make this book a standard work. It is clear that the authors have thought a lot about the subject and also have practical experience in the matter, as otherwise this tome would have turned out turgid and technological, something which it clearly is not.
3 of 3 people found the following review helpful.
Good guide for to develop an information security metrics program
By Ben Rothke
Like all books on metrics, early in PRAGMATIC Security Metrics: Applying Metametrics to Information Security authors Krag Brotby and Gary Hinson state that “you can't manage what you can't measure”.
The authors claim that other books on information security metrics discuss number theory and statistics in academic terms. This title promises to be light on mathematics and heavy on utility and is meant as a how-to-do-it guide for security metrics.
Based on that claim, the authors likely had a book such as Data-Driven Security: Analysis, Visualization and Dashboards by Jay Jacobs and Bob Rudis in mind. As Jacobs and Rudis do indeed use statistics extensively in their approach to security metrics.
As to the title, PRAGMATIC is an acronym for the basis of the method of the book, in using metrics that are predictive, relevant, actionable, genuine, meaningful, timely, independent and cost.
One of the benefits of the book is that it provides a method to create quantitative methods for risk, and how to estimate which resources to use to mitigate those identified risks
The authors note that as a consequence of the way the field of information security has developed from IT security, current practice in security metrics seems to be driving by the availability of raw data from firewalls and other systems. But when it comes to measuring security, many organizations completely ignore the nontechnical factors that are often of equal importance to managing information security in a manner that supports the firm’s business objectives. And that is precisely the gap the book is attempting to fix.
Chapter 7 makes up the bulk of the book when it details over 150 different useful metrics in which to use.
For those looking for a book in which to develop their information security metrics program, in PRAGMATIC Security Metrics: Applying Metametrics to Information Security is a valuable reference.
4 of 5 people found the following review helpful.
More than metrics
By Koenraad
This books makes you think about metrics. It is applied to information security, but the line of thinking can easily be extended to many other fields of management. Before offering a rated choice of about 150 metrics, the authors explain a complete methodology on choosing and rating candidate metrics. A must read for those that produce KPI's for senior management, or for senior manager that want to be informed by useful indicators.
PRAGMATIC Security Metrics: Applying Metametrics to Information Security, by W. Krag Brotby, Gary Hinson PDF
PRAGMATIC Security Metrics: Applying Metametrics to Information Security, by W. Krag Brotby, Gary Hinson EPub
PRAGMATIC Security Metrics: Applying Metametrics to Information Security, by W. Krag Brotby, Gary Hinson Doc
PRAGMATIC Security Metrics: Applying Metametrics to Information Security, by W. Krag Brotby, Gary Hinson iBooks
PRAGMATIC Security Metrics: Applying Metametrics to Information Security, by W. Krag Brotby, Gary Hinson rtf
PRAGMATIC Security Metrics: Applying Metametrics to Information Security, by W. Krag Brotby, Gary Hinson Mobipocket
PRAGMATIC Security Metrics: Applying Metametrics to Information Security, by W. Krag Brotby, Gary Hinson Kindle
Tidak ada komentar:
Posting Komentar