CHAPTER 11How Well Are My Security Investments Working Together?

In Chapter 10, we shared an operational security‐metrics maturity model. The model started with sparse data analytics. That really is the main theme of this book: “How to measure and then decide on what to invest in when you have a lot of uncertainty caused by limited empirical data.” Chapters 8 and 9 represent the main modeling techniques used in sparse data analytics. The goal is to make the best decision given the circumstances. And as you may recall, a decision is an “irrevocable allocation of resources.” In short, you know you've made a decision when you have written a check. Is measurement all over once you have made an investment? Certainly not!

What do you measure once you have made a decision (i.e., an investment)? You determine if your investment is meeting the performance goals you have set for it. For the security professional this is the realm of functional security metrics. Once you have made a security investment, you need to measure how well that investment is doing against certain targets. That target is often considered a KPI. We covered advanced measurement techniques encompassed in the baseline objectives and optimization measurements (BOOM) framework. This framework is detailed in Seiersen's The Metrics Manifesto: Confronting Security With Data.

Assuming you have made a serious outlay of cash, this would warrant some form of continuous “automated” measurement for optimization purposes. Likely ...

Get How to Measure Anything in Cybersecurity Risk, 2nd Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.