Complete Guide to Security and Privacy Metrics: Measuring Regulatory Compliance, Operational Resilience, and ROI
While it has become increasingly apparent that individuals and organizations need a security metrics program, it has been exceedingly difficult to define exactly what that means in a given situation. There are hundreds of metrics to choose from and an organization's mission, industry, and size...
Đã lưu trong:
| Tác giả chính: | |
|---|---|
| Định dạng: | Sách |
| Ngôn ngữ: | English |
| Được phát hành: |
CRC Press
2009
|
| Truy cập trực tuyến: | http://scholar.dlu.edu.vn/thuvienso/handle/DLU123456789/1496 |
| Các nhãn: |
Thêm thẻ
Không có thẻ, Là người đầu tiên thẻ bản ghi này!
|
| Thư viện lưu trữ: | Thư viện Trường Đại học Đà Lạt |
|---|
| id |
oai:scholar.dlu.edu.vn:DLU123456789-1496 |
|---|---|
| record_format |
dspace |
| institution |
Thư viện Trường Đại học Đà Lạt |
| collection |
Thư viện số |
| language |
English |
| description |
While it has become increasingly apparent that individuals and organizations need a security metrics program, it has been exceedingly difficult to define exactly what that means in a given situation. There are hundreds of metrics to choose from and an organization's mission, industry, and size will affect the nature and scope of the task as well as the metrics and combinations of metrics appropriate to accomplish it. Finding the correct formula for a specific scenario calls for a clear concise guide with which to navigate this sea of information.
Complete Guide to Security and Privacy Metrics: Measuring Regulatory Compliance, Operational Resilience, and ROI defines more than 900 ready to use metrics that measure compliance, resiliency, and return on investment. The author explains what needs to be measured, why and how to measure it, and how to tie security and privacy metrics to business goals and objectives. The book addresses measuring compliance with current legislation, regulations, and standards in the US, EC, and Canada including Sarbanes-Oxley, HIPAA, and the Data Protection Act-UK. The metrics covered are scaled by information sensitivity, asset criticality, and risk, and aligned to correspond with different lateral and hierarchical functions within an organization. They are flexible in terms of measurement boundaries and can be implemented individually or in combination to assess a single security control, system, network, region, or the entire enterprise at any point in the security engineering lifecycle. The text includes numerous examples and sample reports to illustrate these concepts and stresses a complete assessment by evaluating the interaction and interdependence between physical, personnel, IT, and operational security controls.
Bringing a wealth of complex information into comprehensible focus, this book is ideal for corporate officers, security managers, internal and independent auditors, and system developers and integrators. |
| format |
Book |
| author |
Herrmann, Debra |
| spellingShingle |
Herrmann, Debra Complete Guide to Security and Privacy Metrics: Measuring Regulatory Compliance, Operational Resilience, and ROI |
| author_facet |
Herrmann, Debra |
| author_sort |
Herrmann, Debra |
| title |
Complete Guide to Security and Privacy Metrics: Measuring Regulatory Compliance, Operational Resilience, and ROI |
| title_short |
Complete Guide to Security and Privacy Metrics: Measuring Regulatory Compliance, Operational Resilience, and ROI |
| title_full |
Complete Guide to Security and Privacy Metrics: Measuring Regulatory Compliance, Operational Resilience, and ROI |
| title_fullStr |
Complete Guide to Security and Privacy Metrics: Measuring Regulatory Compliance, Operational Resilience, and ROI |
| title_full_unstemmed |
Complete Guide to Security and Privacy Metrics: Measuring Regulatory Compliance, Operational Resilience, and ROI |
| title_sort |
complete guide to security and privacy metrics: measuring regulatory compliance, operational resilience, and roi |
| publisher |
CRC Press |
| publishDate |
2009 |
| url |
http://scholar.dlu.edu.vn/thuvienso/handle/DLU123456789/1496 |
| _version_ |
1757659402691674112 |
| spelling |
oai:scholar.dlu.edu.vn:DLU123456789-14962009-12-03T08:16:18Z Complete Guide to Security and Privacy Metrics: Measuring Regulatory Compliance, Operational Resilience, and ROI Herrmann, Debra While it has become increasingly apparent that individuals and organizations need a security metrics program, it has been exceedingly difficult to define exactly what that means in a given situation. There are hundreds of metrics to choose from and an organization's mission, industry, and size will affect the nature and scope of the task as well as the metrics and combinations of metrics appropriate to accomplish it. Finding the correct formula for a specific scenario calls for a clear concise guide with which to navigate this sea of information. Complete Guide to Security and Privacy Metrics: Measuring Regulatory Compliance, Operational Resilience, and ROI defines more than 900 ready to use metrics that measure compliance, resiliency, and return on investment. The author explains what needs to be measured, why and how to measure it, and how to tie security and privacy metrics to business goals and objectives. The book addresses measuring compliance with current legislation, regulations, and standards in the US, EC, and Canada including Sarbanes-Oxley, HIPAA, and the Data Protection Act-UK. The metrics covered are scaled by information sensitivity, asset criticality, and risk, and aligned to correspond with different lateral and hierarchical functions within an organization. They are flexible in terms of measurement boundaries and can be implemented individually or in combination to assess a single security control, system, network, region, or the entire enterprise at any point in the security engineering lifecycle. The text includes numerous examples and sample reports to illustrate these concepts and stresses a complete assessment by evaluating the interaction and interdependence between physical, personnel, IT, and operational security controls. Bringing a wealth of complex information into comprehensible focus, this book is ideal for corporate officers, security managers, internal and independent auditors, and system developers and integrators. Introduction Background Purpose Scope How to Get the Most Out of This Book Acknowledgments The "Whats" and "Whys" of Metrics Measurement Basics Data Collection and Validation Defining Measurement Boundaries Whose Metrics? Uses and Limits of Metrics Avoiding the Temptation to Bury Your Organization in Metrics Relation to Risk Management Examples from Reliability Engineering Examples from Safety Engineering Examples from Software Engineering The Universe of Security and Privacy Metrics Measuring Compliance with Security and Privacy Regulations and Standards Financial Industry Gramm-Leach-Bliley (GLB) Act - United States Sarbanes-Oxley Act - United States Healthcare Health Insurance Portability And Accountability Act (HIPAA) - United States Personal Health Information Act (PHIA) - Canada Personal Privacy Organization for Economic Cooperation and Development (OECD) Privacy, Cryptography, and Security Guidelines Data Protection Directive - E.C. Data Protection Act - United Kingdom Personal Information Protection And Electronic Documents Act (PIPEDA) - Canada Privacy Act - United States Homeland Security Federal Information Security Management Act (FISMA) - United States Homeland Security Presidential Directives (HSPDs) - United States North American Electrical Reliability Council (NERC) Cyber Security Standards The Patriot Act - United States Measuring Resilience of Physical, Personnel, IT, and Operational Security Controls Physical Security Personnel Security IT Security Operational Security Measuring Return on Investment (ROI) in Physical, Personnel, IT, and Operational Security Controls Security ROI Model Security ROI Primitives, Metrics, and Reports Appendices A Glossary of Terms, Acronyms, and Abbreviations B Additional Resources: Standards Policies Publications Index 2009-12-03T08:16:18Z 2009-12-03T08:16:18Z 2007 Book http://scholar.dlu.edu.vn/thuvienso/handle/DLU123456789/1496 en application/rar CRC Press |