O'Reilly logo

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

PRAGMATIC Security Metrics

Book Description

Other books on information security metrics discuss number theory and statistics in academic terms. Light on mathematics and heavy on utility, PRAGMATIC Security Metrics: Applying Metametrics to Information Security breaks the mold. This is the ultimate how-to-do-it guide for security metrics.

Packed with time-saving tips, the book offers easy-to-follow guidance for those struggling with security metrics. Step by step, it clearly explains how to specify, develop, use, and maintain an information security measurement system (a comprehensive suite of metrics) to help:

  • Security professionals systematically improve information security, demonstrate the value they are adding, and gain management support for the things that need to be done
  • Management address previously unsolvable problems rationally, making critical decisions such as resource allocation and prioritization of security relative to other business activities
  • Stakeholders, both within and outside the organization, be assured that information security is being competently managed

The PRAGMATIC approach lets you hone in on your problem areas and identify the few metrics that will generate real business value. The book:

  • Helps you figure out exactly what needs to be measured, how to measure it, and most importantly, why it needs to be measured
  • Scores and ranks more than 150 candidate security metrics to demonstrate the value of the PRAGMATIC method
  • Highlights security metrics that are widely used and recommended, yet turn out to be rather poor in practice
  • Describes innovative and flexible measurement approaches such as capability maturity metrics with continuous scales
  • Explains how to minimize both measurement and security risks using complementary metrics for greater assurance in critical areas such as governance and compliance

In addition to its obvious utility in the information security realm, the PRAGMATIC approach, introduced for the first time in this book, has broader application across diverse fields of management including finance, human resources, engineering, and production—in fact any area that suffers a surplus of data but a deficit of useful information.

Visit Security Metametrics. Security Metametrics supports the global community of professionals adopting the innovative techniques laid out in PRAGMATIC Security Metrics. If you, too, are struggling to make much sense of security metrics, or searching for better metrics to manage and improve information security, Security Metametrics is the place. http://securitymetametrics.com/

Table of Contents

  1. Front Cover (1/2)
  2. Front Cover (2/2)
  3. Contents (1/2)
  4. Contents (2/2)
  5. Foreword
  6. Preface
  7. Acknowledgments
  8. Office Memorandum
  9. Chapter 1 - Introduction (1/3)
  10. Chapter 1 - Introduction (2/3)
  11. Chapter 1 - Introduction (3/3)
  12. Chapter 2 - Why Measure Information Security? (1/4)
  13. Chapter 2 - Why Measure Information Security? (2/4)
  14. Chapter 2 - Why Measure Information Security? (3/4)
  15. Chapter 2 - Why Measure Information Security? (4/4)
  16. Chapter 3 - The Art and Science of Security Metrics (1/5)
  17. Chapter 3 - The Art and Science of Security Metrics (2/5)
  18. Chapter 3 - The Art and Science of Security Metrics (3/5)
  19. Chapter 3 - The Art and Science of Security Metrics (4/5)
  20. Chapter 3 - The Art and Science of Security Metrics (5/5)
  21. Chapter 4 - Audiences for Security Metrics (1/2)
  22. Chapter 4 - Audiences for Security Metrics (2/2)
  23. Chapter 5 - Finding Candidate Metrics (1/4)
  24. Chapter 5 - Finding Candidate Metrics (2/4)
  25. Chapter 5 - Finding Candidate Metrics (3/4)
  26. Chapter 5 - Finding Candidate Metrics (4/4)
  27. Chapter 6 - Metametrics and the PRAGMATIC Approach (1/8)
  28. Chapter 6 - Metametrics and the PRAGMATIC Approach (2/8)
  29. Chapter 6 - Metametrics and the PRAGMATIC Approach (3/8)
  30. Chapter 6 - Metametrics and the PRAGMATIC Approach (4/8)
  31. Chapter 6 - Metametrics and the PRAGMATIC Approach (5/8)
  32. Chapter 6 - Metametrics and the PRAGMATIC Approach (6/8)
  33. Chapter 6 - Metametrics and the PRAGMATIC Approach (7/8)
  34. Chapter 6 - Metametrics and the PRAGMATIC Approach (8/8)
  35. Chapter 7 - 150+ Example Security Metrics (1/26)
  36. Chapter 7 - 150+ Example Security Metrics (2/26)
  37. Chapter 7 - 150+ Example Security Metrics (3/26)
  38. Chapter 7 - 150+ Example Security Metrics (4/26)
  39. Chapter 7 - 150+ Example Security Metrics (5/26)
  40. Chapter 7 - 150+ Example Security Metrics (6/26)
  41. Chapter 7 - 150+ Example Security Metrics (7/26)
  42. Chapter 7 - 150+ Example Security Metrics (8/26)
  43. Chapter 7 - 150+ Example Security Metrics (9/26)
  44. Chapter 7 - 150+ Example Security Metrics (10/26)
  45. Chapter 7 - 150+ Example Security Metrics (11/26)
  46. Chapter 7 - 150+ Example Security Metrics (12/26)
  47. Chapter 7 - 150+ Example Security Metrics (13/26)
  48. Chapter 7 - 150+ Example Security Metrics (14/26)
  49. Chapter 7 - 150+ Example Security Metrics (15/26)
  50. Chapter 7 - 150+ Example Security Metrics (16/26)
  51. Chapter 7 - 150+ Example Security Metrics (17/26)
  52. Chapter 7 - 150+ Example Security Metrics (18/26)
  53. Chapter 7 - 150+ Example Security Metrics (19/26)
  54. Chapter 7 - 150+ Example Security Metrics (20/26)
  55. Chapter 7 - 150+ Example Security Metrics (21/26)
  56. Chapter 7 - 150+ Example Security Metrics (22/26)
  57. Chapter 7 - 150+ Example Security Metrics (23/26)
  58. Chapter 7 - 150+ Example Security Metrics (24/26)
  59. Chapter 7 - 150+ Example Security Metrics (25/26)
  60. Chapter 7 - 150+ Example Security Metrics (26/26)
  61. Chapter 8 - Designing PRAGMATIC Security Measurement System (1/5)
  62. Chapter 8 - Designing PRAGMATIC Security Measurement System (2/5)
  63. Chapter 8 - Designing PRAGMATIC Security Measurement System (3/5)
  64. Chapter 8 - Designing PRAGMATIC Security Measurement System (4/5)
  65. Chapter 8 - Designing PRAGMATIC Security Measurement System (5/5)
  66. Chapter 9 - Advanced Information Security Metrics (1/3)
  67. Chapter 9 - Advanced Information Security Metrics (2/3)
  68. Chapter 9 - Advanced Information Security Metrics (3/3)
  69. Chapter 10 - Downsides of Metrics (1/2)
  70. Chapter 10 - Downsides of Metrics (2/2)
  71. Chapter 11 - Using PRAGMATIC Metrics in Practice (1/7)
  72. Chapter 11 - Using PRAGMATIC Metrics in Practice (2/7)
  73. Chapter 11 - Using PRAGMATIC Metrics in Practice (3/7)
  74. Chapter 11 - Using PRAGMATIC Metrics in Practice (4/7)
  75. Chapter 11 - Using PRAGMATIC Metrics in Practice (5/7)
  76. Chapter 11 - Using PRAGMATIC Metrics in Practice (6/7)
  77. Chapter 11 - Using PRAGMATIC Metrics in Practice (7/7)
  78. Chapter 12 - Case Study (1/9)
  79. Chapter 12 - Case Study (2/9)
  80. Chapter 12 - Case Study (3/9)
  81. Chapter 12 - Case Study (4/9)
  82. Chapter 12 - Case Study (5/9)
  83. Chapter 12 - Case Study (6/9)
  84. Chapter 12 - Case Study (7/9)
  85. Chapter 12 - Case Study (8/9)
  86. Chapter 12 - Case Study (9/9)
  87. Chapter 13 - Conclusions (1/3)
  88. Chapter 13 - Conclusions (2/3)
  89. Chapter 13 - Conclusions (3/3)
  90. Appendix A: PRAGMATIC Criteria
  91. Appendix B: Business Model of Information Security (BMIS)
  92. Appendix C: Capability Maturity Model (CMM)
  93. Appendix D: Example Opinion Survey Form
  94. Appendix E: SABSA Security Attributes Table (1/4)
  95. Appendix E: SABSA Security Attributes Table (2/4)
  96. Appendix E: SABSA Security Attributes Table (3/4)
  97. Appendix E: SABSA Security Attributes Table (4/4)
  98. Appendix F: Prototype Metrics Catalog (1/4)
  99. Appendix F: Prototype Metrics Catalog (2/4)
  100. Appendix F: Prototype Metrics Catalog (3/4)
  101. Appendix F: Prototype Metrics Catalog (4/4)
  102. Appendix G: Effect of Weighting the PRAGMATIC Criteria
  103. Appendix H: ISO27k Maturity Scale Metrics (1/9)
  104. Appendix H: ISO27k Maturity Scale Metrics (2/9)
  105. Appendix H: ISO27k Maturity Scale Metrics (3/9)
  106. Appendix H: ISO27k Maturity Scale Metrics (4/9)
  107. Appendix H: ISO27k Maturity Scale Metrics (5/9)
  108. Appendix H: ISO27k Maturity Scale Metrics (6/9)
  109. Appendix H: ISO27k Maturity Scale Metrics (7/9)
  110. Appendix H: ISO27k Maturity Scale Metrics (8/9)
  111. Appendix H: ISO27k Maturity Scale Metrics (9/9)
  112. Appendix I: Sample Management Survey
  113. Appendix J: Observer Bias
  114. Appendix K: Observer Calibration
  115. Appendix L: Bibliography
  116. Back Cover