
I still have to finish the security book lying on my desk, but I wanted to give a sneak peek of the next book in line: Security Metrics: Replacing Fear, Uncertainty, and Doubt
Security Metrics is the first comprehensive best-practice guide to defining, creating, and utilizing security metrics in the enterprise.
Using sample charts, graphics, case studies, and war stories, Yankee Group Security Expert Andrew Jaquith demonstrates exactly how to establish effective metrics based on your organization’s unique requirements. You’ll discover how to quantify hard-to-measure security activities, compile and analyze all relevant data, identify strengths and weaknesses, set cost-effective priorities for improvement, and craft compelling messages for senior management.
In related news, this draft just got released: NIST Special Publication 800-55 Revision 1 - Performance Measurement Guide for Information Security (Draft)
This document is a guide to assist in the development, selection, and implementation of measures to be used at the information system and program levels. These measures indicate the effectiveness of the security controls applied to information systems and of the supporting information security programs.
Bonus: The Four Dirty Questions of Measuring Information Security (Intel.com)
BONUS (12/10/2007): A Guide to Security Metrics - This guide provides a definition of security metrics, explains their value, discusses the difficulties in generating them, and suggests a methodology for building a security metrics program.
Security4all Blog