Measures and Metrics in Corporate Security

Author: George Campbell
Publisher: Elsevier
Total Pages: 176
Release: 2014-04-02
ISBN 10: 012800715X
ISBN 13: 9780128007150
Language: EN, FR, DE, ES & NL

Measures and Metrics in Corporate Security Book Review:

The revised second edition of Measures and Metrics in Corporate Security is an indispensable guide to creating and managing a security metrics program. Authored by George Campbell, emeritus faculty of the Security Executive Council and former chief security officer of Fidelity Investments, this book shows how to improve security’s bottom line and add value to the business. It provides a variety of organizational measurements, concepts, metrics, indicators and other criteria that may be employed to structure measures and metrics program models appropriate to the reader’s specific operations and corporate sensitivities. There are several hundred examples of security metrics included in Measures and Metrics in Corporate Security, which are organized into categories of security services to allow readers to customize metrics to meet their operational needs. Measures and Metrics in Corporate Security is a part of Elsevier’s Security Executive Council Risk Management Portfolio, a collection of real world solutions and "how-to" guidelines that equip executives, practitioners, and educators with proven information for successful security and risk management programs.
• Describes the basic components of a metrics program, as well as the business context for metrics
• Provides guidelines to help security managers leverage the volumes of data their security operations already create
• Identifies the metrics security executives have found tend to best serve security’s unique (and often misunderstood) missions
• Includes 375 real examples of security metrics across 13 categories

Measures and Metrics in Corporate Security

Author: George Campbell
Publisher: Unknown
Total Pages: 168
Release: 2006
ISBN 10: 9781934385005
ISBN 13: 193438500X
Language: EN, FR, DE, ES & NL

Measures and Metrics in Corporate Security Book Review:

Measures and Metrics in Corporate Security

Author: George Campbell
Publisher: Elsevier Science Limited
Total Pages: 145
Release: 2014
ISBN 10: 9780128006887
ISBN 13: 0128006889
Language: EN, FR, DE, ES & NL

Measures and Metrics in Corporate Security Book Review:

"Originally published by the Security Executive Council in 2006."

Building a Security Measures and Metrics Program

Author: George Campbell
Publisher: Unknown
Total Pages: 135
Release: 2013
ISBN 10: 9781299657120
ISBN 13: 1299657125
Language: EN, FR, DE, ES & NL

Building a Security Measures and Metrics Program Book Review:

Building a Security Measures and Metrics Program discusses the need for and benefits of a corporate security measures and metrics program. This 40-minute video presentation of narrated slides makes the case for a security metrics program: metrics provide invaluable insight on program effectiveness, the means to influence business strategy and policy, and the ability to demonstrate the value of security services to business leaders.

PRAGMATIC Security Metrics

Author: W. Krag Brotby, Gary Hinson
Publisher: CRC Press
Total Pages: 512
Release: 2016-04-19
ISBN 10: 1439881537
ISBN 13: 9781439881538
Language: EN, FR, DE, ES & NL

PRAGMATIC Security Metrics Book Review:

Other books on information security metrics discuss number theory and statistics in academic terms. Light on mathematics and heavy on utility, PRAGMATIC Security Metrics: Applying Metametrics to Information Security breaks the mold. This is the ultimate how-to-do-it guide for security metrics. Packed with time-saving tips, the book offers easy-to-follow guidance for those struggling with security metrics. Step by step, it clearly explains how to specify, develop, use, and maintain an information security measurement system (a comprehensive suite of metrics) to help:
• Security professionals systematically improve information security, demonstrate the value they are adding, and gain management support for the things that need to be done
• Management address previously unsolvable problems rationally, making critical decisions such as resource allocation and prioritization of security relative to other business activities
• Stakeholders, both within and outside the organization, be assured that information security is being competently managed

The PRAGMATIC approach lets you hone in on your problem areas and identify the few metrics that will generate real business value. The book:
• Helps you figure out exactly what needs to be measured, how to measure it, and most importantly, why it needs to be measured
• Scores and ranks more than 150 candidate security metrics to demonstrate the value of the PRAGMATIC method
• Highlights security metrics that are widely used and recommended, yet turn out to be rather poor in practice
• Describes innovative and flexible measurement approaches such as capability maturity metrics with continuous scales
• Explains how to minimize both measurement and security risks using complementary metrics for greater assurance in critical areas such as governance and compliance

In addition to its obvious utility in the information security realm, the PRAGMATIC approach, introduced for the first time in this book, has broader application across diverse fields of management including finance, human resources, engineering, and production—in fact any area that suffers a surplus of data but a deficit of useful information. Visit Security Metametrics. Security Metametrics supports the global community of professionals adopting the innovative techniques laid out in PRAGMATIC Security Metrics. If you, too, are struggling to make much sense of security metrics, or searching for better metrics to manage and improve information security, Security Metametrics is the place. http://securitymetametrics.com/

Network Security Metrics

Author: Lingyu Wang, Sushil Jajodia, Anoop Singhal
Publisher: Springer
Total Pages: 207
Release: 2017-11-15
ISBN 10: 3319665057
ISBN 13: 9783319665054
Language: EN, FR, DE, ES & NL

Network Security Metrics Book Review:

This book examines different aspects of network security metrics and their application to enterprise networks. One of the most pertinent issues in securing mission-critical computing networks is the lack of effective security metrics, which this book discusses in detail. Since “you cannot improve what you cannot measure”, a network security metric is essential to evaluating the relative effectiveness of potential network security solutions. The authors start by examining the limitations of existing solutions and standards on security metrics, such as CVSS and attack surface, which typically focus on known vulnerabilities in individual software products or systems. The first few chapters of this book describe different approaches to fusing individual metric values obtained from CVSS scores into an overall measure of network security using attack graphs. Since CVSS scores are only available for previously known vulnerabilities, such approaches do not consider the threat of unknown attacks exploiting the so-called zero day vulnerabilities. Therefore, several chapters of this book are dedicated to developing network security metrics especially designed for dealing with zero day attacks, where the challenge is that little or no prior knowledge is available about the exploited vulnerabilities, and thus most existing methodologies for designing security metrics are no longer effective. Finally, the authors examine several issues on the application of network security metrics at the enterprise level. Specifically, a chapter presents a suite of security metrics organized along several dimensions for measuring and visualizing different aspects of the enterprise cyber security risk, and the last chapter presents a novel metric for measuring the operational effectiveness of the cyber security operations center (CSOC).
Security researchers who work on network security or security analytics related areas seeking new research topics, as well as security practitioners including network administrators and security architects who are looking for state of the art approaches to hardening their networks, will find this book helpful as a reference. Advanced-level students studying computer science and engineering will find this book useful as a secondary text.

Measuring and Communicating Security's Value

Author: George Campbell
Publisher: Elsevier
Total Pages: 226
Release: 2015-03-28
ISBN 10: 0128028432
ISBN 13: 9780128028438
Language: EN, FR, DE, ES & NL

Measuring and Communicating Security's Value Book Review:

In corporate security today, while the topic of information technology (IT) security metrics has been extensively covered, there are too few knowledgeable contributions to the significantly larger field of global enterprise protection. Measuring and Communicating Security’s Value addresses this dearth of information by offering a collection of lessons learned and proven approaches to enterprise security management. Authored by George Campbell, emeritus faculty of the Security Executive Council and former chief security officer of Fidelity Investments, this book can be used in conjunction with Measures and Metrics in Corporate Security, the foundational text for security metrics. This book builds on that foundation and covers the why, what, and how of a security metrics program, risk reporting, insider risk, building influence, business alignment, and much more.
• Emphasizes the importance of measuring and delivering actionable results
• Includes real world, practical examples that may be considered, applied, and tested across the full scope of the enterprise security mission
• Organized to build on a principal theme of having metrics that demonstrate the security department’s value to the corporation

Security Metrics

Author: Andrew Jaquith
Publisher: Pearson Education
Total Pages: 336
Release: 2007-03-26
ISBN 10: 9780132715775
ISBN 13: 0132715775
Language: EN, FR, DE, ES & NL

Security Metrics Book Review:

The Definitive Guide to Quantifying, Classifying, and Measuring Enterprise IT Security Operations

Security Metrics is the first comprehensive best-practice guide to defining, creating, and utilizing security metrics in the enterprise. Using sample charts, graphics, case studies, and war stories, Yankee Group Security Expert Andrew Jaquith demonstrates exactly how to establish effective metrics based on your organization’s unique requirements. You’ll discover how to quantify hard-to-measure security activities, compile and analyze all relevant data, identify strengths and weaknesses, set cost-effective priorities for improvement, and craft compelling messages for senior management. Security Metrics successfully bridges management’s quantitative viewpoint with the nuts-and-bolts approach typically taken by security professionals. It brings together expert solutions drawn from Jaquith’s extensive consulting work in the software, aerospace, and financial services industries, including new metrics presented nowhere else. You’ll learn how to:
• Replace nonstop crisis response with a systematic approach to security improvement
• Understand the differences between “good” and “bad” metrics
• Measure coverage and control, vulnerability management, password quality, patch latency, benchmark scoring, and business-adjusted risk
• Quantify the effectiveness of security acquisition, implementation, and other program activities
• Organize, aggregate, and analyze your data to bring out key insights
• Use visualization to understand and communicate security issues more clearly
• Capture valuable data from firewalls and antivirus logs, third-party auditor reports, and other resources
• Implement balanced scorecards that present compact, holistic views of organizational security effectiveness

Metrics and Methods for Security Risk Management

Author: Carl Young
Publisher: Syngress
Total Pages: 296
Release: 2010-08-21
ISBN 10: 9781856179799
ISBN 13: 1856179796
Language: EN, FR, DE, ES & NL

Metrics and Methods for Security Risk Management Book Review:

Security problems have evolved in the corporate world because of technological changes, such as using the Internet as a means of communication. With this, the creation, transmission, and storage of information may represent a security problem. Metrics and Methods for Security Risk Management is of interest, especially since the 9/11 terror attacks, because it addresses the ways to manage security risk in the corporate world. The book aims to provide information about the fundamentals of security risks and the corresponding components, an analytical approach to risk assessments and mitigation, and quantitative methods to assess the risk components. In addition, it also discusses the physical models, principles, and quantitative methods needed to assess the risk components. The by-products of the methodology used include security standards, audits, risk metrics, and program frameworks. Security professionals, as well as scientists and engineers who are working on technical issues related to security problems, will find this book relevant and useful.
• Offers an integrated approach to assessing security risk
• Addresses homeland security as well as IT and physical security issues
• Describes vital safeguards for ensuring true business continuity

Information Security Management Metrics

Author: W. Krag Brotby, CISM
Publisher: CRC Press
Total Pages: 200
Release: 2009-03-30
ISBN 10: 9781420052862
ISBN 13: 1420052861
Language: EN, FR, DE, ES & NL

Information Security Management Metrics Book Review:

Spectacular security failures continue to dominate the headlines despite huge increases in security budgets and ever-more draconian regulations. The 20/20 hindsight of audits is no longer an effective solution to security weaknesses, and the necessity for real-time strategic metrics has never been more critical. Information Security Management Metrics: A Definitive Guide to Effective Security Monitoring and Measurement offers a radical new approach for developing and implementing security metrics essential for supporting business activities and managing information risk. This work provides anyone with security and risk management responsibilities insight into these critical security questions:
• How secure is my organization?
• How much security is enough?
• What are the most cost-effective security solutions?

How secure is my organization? You can’t manage what you can’t measure. This volume shows readers how to develop metrics that can be used across an organization to assure its information systems are functioning, secure, and supportive of the organization’s business objectives. It provides a comprehensive overview of security metrics, discusses the current state of metrics in use today, and looks at promising new developments. Later chapters explore ways to develop effective strategic and management metrics for information security governance, risk management, program implementation and management, and incident management and response. The book ensures that every facet of security required by an organization is linked to business objectives, and provides metrics to measure it. Case studies effectively demonstrate specific ways that metrics can be implemented across an enterprise to maximize business benefit. With three decades of enterprise information security experience, author Krag Brotby presents a workable approach to developing and managing cost-effective enterprise information security.

Security Leader Insights for Success

Author: Dave Komendat
Publisher: Elsevier
Total Pages: 140
Release: 2014-03-06
ISBN 10: 012800908X
ISBN 13: 9780128009086
Language: EN, FR, DE, ES & NL

Security Leader Insights for Success Book Review:

How do you, as a busy security executive or manager, stay current with evolving issues, familiarize yourself with the successful practices of your peers, and transfer this information to build a knowledgeable, skilled workforce the times now demand? With Security Leader Insights for Success, a collection of timeless leadership best practices featuring insights from some of the nation’s most successful security practitioners, you can. This book can be used as a quick and effective resource to bring your security staff up to speed on leadership issues. Instead of re-inventing the wheel when faced with a new challenge, these proven practices and principles will allow you to execute with confidence knowing that your peers have done so with success. Security Leader Insights for Success is a part of Elsevier’s Security Executive Council Risk Management Portfolio, a collection of real world solutions and "how-to" guidelines that equip executives, practitioners, and educators with proven information for successful security and risk management programs.
• Each chapter can be read in five minutes or less, and is written by or contains insights from experienced security leaders.
• Can be used to find illustrations and examples you can use to deal with a relevant issue.
• Brings together the diverse experiences of proven security leaders in one easy-to-read resource.

From Corporate Security to Commercial Force

Author: Marko Cabric
Publisher: Butterworth-Heinemann
Total Pages: 240
Release: 2017-05-23
ISBN 10: 0128051507
ISBN 13: 9780128051504
Language: EN, FR, DE, ES & NL

From Corporate Security to Commercial Force Book Review:

From Corporate Security to Commercial Force: A Business Leader’s Guide to Security Economics addresses important issues, such as understanding security related costs, the financial advantages of security, running an efficient security organization, and measuring the impact of incidents and losses. The book guides readers in identifying, understanding, quantifying, and measuring the direct and economic benefits of security for a business, its processes, products, and consequently, profits. It quantifies the security function and explains the never-before analyzed tangible advantages of security for core business processes. Topics go far beyond simply proving that security is an expense for a company by providing business leaders and sales and marketing professionals with actual tools that can be used for advertising products, improving core services, generating sales, and increasing profits.
• Highlights and offers insight on issues such as the role of security in advertising and its actual marketing appeal and sales potential
• Features tools that can be implemented by readers in order to improve key business processes
• Offers advice for improving key business processes, improving the reputation of the company, the marketing appeal of products (or services), and helping to increase sales

Complete Guide to Security and Privacy Metrics

Author: Debra S. Herrmann
Publisher: CRC Press
Total Pages: 848
Release: 2007-01-22
ISBN 10: 1420013289
ISBN 13: 9781420013283
Language: EN, FR, DE, ES & NL

Complete Guide to Security and Privacy Metrics Book Review:

While it has become increasingly apparent that individuals and organizations need a security metrics program, it has been exceedingly difficult to define exactly what that means in a given situation. There are hundreds of metrics to choose from and an organization's mission, industry, and size will affect the nature and scope of the task as well as

Strategic Security

Author: Jean Perois
Publisher: CRC Press
Total Pages: 205
Release: 2019-04-23
ISBN 10: 1351123440
ISBN 13: 9781351123440
Language: EN, FR, DE, ES & NL

Strategic Security Book Review:

Strategic Security will help security managers, and those aspiring to the position, to think strategically about their job, the culture of their workplace, and the nature of security planning and implementation. Security professionals tend to focus on the immediate (the urgent) rather than the important and essential—too often serving as "firefighters" rather than strategists. This book will help professionals consider their roles, and structure their tasks through a strategic approach without neglecting their career objectives. Few security management books for professionals in the field focus on corporate or industrial security from a strategic perspective. Books on the market normally provide "recipes," methods or guidelines to develop plans, policies or procedures. However, many do so without taking into account the personal element that is supposed to apply these methods. In this book, the author helps readers to consider their own career development in parallel with establishing their organisation's security programme. This is fundamental to becoming, and serving as, a quality, effective manager. The element of considering career objectives as part-and-parcel to this is both unique to this book and vital for long-term career success. The author delineates what makes strategic thinking different in a corporate and security environment. While strategy is crucial in the running of a company, the traditional attitude towards security is that it has to fix issues quickly and at low cost. This is an attitude that no other department would tolerate, but because of its image, security departments sometimes have major issues with buy-in from top management. The book covers the necessary level of strategic thinking to put their ideas into practice. Once this is achieved, the strategic process is explained, and the need to build the different steps into this process—and into the overarching business goals of the organisation—is demonstrated.
The book provides numerous hands-on examples of how to formulate and execute the strategic master plan for the organization. The author draws on his extensive experience and successes to serve as a valuable resource to all security professionals looking to advance their careers in the field.

Directions in Security Metrics Research

Author: Wayne Jansen
Publisher: DIANE Publishing
Total Pages: 21
Release: 2010-02
ISBN 10: 1437924514
ISBN 13: 9781437924510
Language: EN, FR, DE, ES & NL

Directions in Security Metrics Research Book Review:

Information security metrics are seen as an important factor in making sound decisions about various aspects of security, ranging from the design of security architectures and controls to the effectiveness and efficiency of security operations. Security metrics strive to offer a quantitative and objective basis for security assurance. During the last few decades, researchers have made various attempts to develop measures and systems of measurement for computer security with varying degrees of success. This paper provides an overview of the security metrics area and looks at possible avenues of research that could be pursued to advance the state of the art.

Creating an Information Security Program from Scratch

Author: Walter Williams
Publisher: CRC Press
Total Pages: 222
Release: 2021-09-15
ISBN 10: 1000449769
ISBN 13: 9781000449761
Language: EN, FR, DE, ES & NL

Creating an Information Security Program from Scratch Book Review:

This book is written for the first security hire in an organization, either an individual moving into this role from within the organization or hired into the role. More and more, organizations are realizing that information security requires a dedicated team with leadership distinct from information technology, and often the people who are placed into those positions have no idea where to start or how to prioritize. There are many issues competing for their attention, standards that say do this or do that, laws, regulations, customer demands, and no guidance on what is actually effective. This book offers guidance on approaches that work for how you prioritize and build a comprehensive information security program that protects your organization. While most books targeted at information security professionals explore specific subjects with deep expertise, this book explores the depth and breadth of the field. Instead of exploring a technology such as cloud security or a technique such as risk analysis, this book places those into the larger context of how to meet an organization's needs, how to prioritize, and what success looks like. Guides to the maturation of practice are offered, along with pointers for each topic on where to go for an in-depth exploration of each topic. Unlike more typical books on information security that advocate a single perspective, this book explores competing perspectives with an eye to providing the pros and cons of the different approaches and the implications of choices on implementation and on maturity, as often a choice on an approach needs to change as an organization grows and matures.

How to Measure Anything in Cybersecurity Risk

Author: Douglas W. Hubbard, Richard Seiersen
Publisher: John Wiley & Sons
Total Pages: 304
Release: 2016-07-25
ISBN 10: 1119085292
ISBN 13: 9781119085294
Language: EN, FR, DE, ES & NL

How to Measure Anything in Cybersecurity Risk Book Review:

A ground shaking exposé on the failure of popular cyber risk management methods

How to Measure Anything in Cybersecurity Risk exposes the shortcomings of current "risk management" practices, and offers a series of improvement techniques that help you fill the holes and ramp up security. In his bestselling book How to Measure Anything, author Douglas W. Hubbard opened the business world's eyes to the critical need for better measurement. This book expands upon that premise and draws from The Failure of Risk Management to sound the alarm in the cybersecurity realm. Some of the field's premier risk management approaches actually create more risk than they mitigate, and questionable methods have been duplicated across industries and embedded in the products accepted as gospel. This book sheds light on these blatant risks, and provides alternate techniques that can help improve your current situation. You'll also learn which approaches are too risky to save, and are actually more damaging than a total lack of any security. Dangerous risk management methods abound; there is no industry more critically in need of solutions than cybersecurity. This book provides solutions where they exist, and advises when to change tracks entirely.
• Discover the shortcomings of cybersecurity's "best practices"
• Learn which risk management approaches actually create risk
• Improve your current practices with practical alterations
• Learn which methods are beyond saving, and worse than doing nothing

Insightful and enlightening, this book will inspire a closer examination of your company's own risk management practices in the context of cybersecurity. The end goal is airtight data protection, so finding cracks in the vault is a positive thing—as long as you get there before the bad guys do. How to Measure Anything in Cybersecurity Risk is your guide to more robust protection through better quantitative processes, approaches, and techniques.

The Manager's Handbook for Business Security

Author: George Campbell
Publisher: Elsevier
Total Pages: 296
Release: 2014-03-07
ISBN 10: 012800200X
ISBN 13: 9780128002001
Language: EN, FR, DE, ES & NL

The Manager's Handbook for Business Security Book Review:

The Manager’s Handbook for Business Security is designed for new or current security managers who want to build or enhance their business security programs. This book is not an exhaustive textbook on the fundamentals of security; rather, it is a series of short, focused subjects that inspire the reader to lead and develop more effective security programs. Chapters are organized by topic so readers can easily—and quickly—find the information they need in concise, actionable, and practical terms. This book challenges readers to critically evaluate their programs and better engage their business leaders. It covers everything from risk assessment and mitigation to strategic security planning, information security, physical security and first response, business conduct, business resiliency, security measures and metrics, and much more. The Manager’s Handbook for Business Security is a part of Elsevier’s Security Executive Council Risk Management Portfolio, a collection of real world solutions and "how-to" guidelines that equip executives, practitioners, and educators with proven information for successful security and risk management programs.
• Chapters are organized by short, focused topics for easy reference
• Provides actionable ideas that experienced security executives and practitioners have shown will add value to the business and make the manager a more effective leader
• Takes a strategic approach to managing the security program, including marketing the program to senior business leadership and aligning security with business objectives

From One Winning Career to the Next

Author: J. David Quilter
Publisher: Newnes
Total Pages: 148
Release: 2013-03-26
ISBN 10: 0124116094
ISBN 13: 9780124116092
Language: EN, FR, DE, ES & NL

From One Winning Career to the Next Book Review:

In From One Winning Career to the Next, author J. David Quilter expertly guides the security professional through the corporate landscape. Having transitioned into the private sector from a long career in public service with the DEA, Quilter offers valuable perspective on the differences in culture and priorities between the public and private sectors, and how those differences can affect efforts in organizational security. Readers will benefit from the author’s insights on researching and joining a new organization, exploring a business’ structure and culture, and getting to know the executives and leaders within a business. Chapters contain practical advice on specific challenges (crisis management, assaultive behavior, threats to corporate assets, etc.), forming an effective team, and making a business case to gain executive support for a security agenda. This book is vital background for security professionals considering career changes. It will also aid those in established positions in their efforts to communicate, strategize, and implement security programs and goals within a business. From One Winning Career to the Next is a part of Elsevier’s Security Executive Council Risk Management Portfolio, a collection of real world solutions and "how-to" guidelines that equip executives, practitioners, and educators with proven information for successful security and risk management programs.
• Provides tips for all aspects of a career change, including narrowing the job search, preparing for an interview, presenting yourself in an interview, researching a company, and evaluating a position
• Prepares security leaders for specific challenges they may face during the transition into a new position
• Includes easily adaptable, on-the-job lessons for a newly hired security leader

Discerning President Obama's National Security Strategy

Author: Kristen Boon
Publisher: Oceana Publications
Total Pages: 624
Release: 2010
ISBN 10: 0199758204
ISBN 13: 9780199758203
Language: EN, FR, DE, ES & NL

Discerning President Obama's National Security Strategy Book Review:

Volume 112 of Terrorism: Commentary on Security Documents, Discerning President Obama's National Defense Strategy, makes available documents from the first fifteen months of the Obama administration that provide insights into its developing national defense strategy. Included are documents specifically relating to the U.S. Department of Defense and the nation's armed forces. Included is the February 2010 Quadrennial Defense Review Report of the Department of Defense, one of the most significant documents providing insight into the defense component of national security. General Editor Douglas Lovelace, an expert in U.S. military matters, elucidates the complexities of military spending and of counter-insurgency tactics. Also included are reports detailing the strategy and performance of government agencies involved in the security effort, such as the Department of Homeland Security. These reports shed light on internal department assessments as well as external evaluations. Finally, strategy documents produced by the U.S. armed forces describe the national security policy being implemented by the nation's senior military leaders. Researchers will benefit from the focused and comprehensive nature of these reports.