| Complete Guide to Security and Privacy Metrics: Measuring Regulatory Compliance, Operational Resilience, and ROI | 
| Author: Debra S. Herrmann
Publisher: Auerbach Publications
Category: Book
List Price: $124.95
Buy New: $92.19
You Save: $32.76 (26%)
Buy New/Used from $76.69
Avg. Customer Rating:   (1 reviews)
Sales Rank: 295390
Languages: English (Original Language), English (Unknown), English (Published)
Media: Hardcover
Edition: 1
Number Of Items: 1
Pages: 848
Shipping Weight (lbs): 3.7
Dimensions (in): 10.1 x 7.1 x 1.9
ISBN: 0849354021
Dewey Decimal Number: 005.8
EAN: 9780849354021
ASIN: 0849354021
Publication Date: January 22, 2007
Availability: Usually ships in 1-2 business days
|
| Accessories:
|
| Similar Items:
|
| Editorial Reviews:
Product Description
While it has become increasingly apparent that individuals and organizations need a security metrics program, it has been exceedingly difficult to define exactly what that means in a given situation. There are hundreds of metrics to choose from and an organization?s mission, industry, and size will affect the nature and scope of the task as well as the metrics and combinations of metrics appropriate to accomplish it. Finding the correct formula for a specific scenario calls for a clear concise guide with which to navigate this sea of information. Complete Guide to Security and Privacy Metrics: Measuring Regulatory Compliance, Operational Resilience, and ROI defines more than 900 ready to use metrics that measure compliance, resiliency, and return on investment. The author explains what needs to be measured, why and how to measure it, and how to tie security and privacy metrics to business goals and objectives. The book addresses measuring compliance with current legislation, regulations, and standards in the US, EC, and Canada including Sarbanes-Oxley, HIPAA, and the Data Protection Act-UK. The metrics covered are scaled by information sensitivity, asset criticality, and risk, and aligned to correspond with different lateral and hierarchical functions within an organization. They are flexible in terms of measurement boundaries and can be implemented individually or in combination to assess a single security control, system, network, region, or the entire enterprise at any point in the security engineering lifecycle. The text includes numerous examples and sample reports to illustrate these concepts and stresses a complete assessment by evaluating the interaction and interdependence between physical, personnel, IT, and operational security controls. Bringing a wealth of complex information into comprehensible focus, this book is ideal for corporate officers, security managers, internal and independent auditors, and system developers and integrators.
|
| Customer Reviews:
The Oracle of Metrics (and I am not talking about the company) March 8, 2007
9 out of 10 found this review helpful
***This is a big book full of a lot of facts and figures.*** (Yes a very big book, not a cover to cover book.) 824 pages, 5 chapters and by no means a read it from cover to cover book. The first two chapters, the "Introduction" and "the What's and Whys of Metrics" are the authors interesting and quite knowledgeable overview of the world of operational, personal, physical and IT security metrics. After, the remaining chapters get in-depth. Chapter 3 "Measuring Compliance" goes into great detail about relating the different acts, bills, regulations and directives with various Metrics. Chapter 4 "Measuring Resilience" provides numerous worksheets and questionnaires as well as an abundance of information regarding threats, asset protection, mission protection, audit trails and others. Finally Chapter 5 "Measuring ROI" covers cost, benefits, some case studies and comparative analysis as well again some great worksheets.
A very useful and well organized guide. (Although a bit on the expensive side)
|
|
|
