IT Security Metrics: A Practical Framework for Measuring Security and Protecting Data [English] [Paperback]

Lance Hayden
Product information

  • Paperback: 368 pages
  • Publisher: McGraw-Hill Professional (1 August 2010)
  • Language: English
  • ISBN-10: 0071713409
  • ISBN-13: 978-0071713405
  • Size and/or weight: 23.3 x 18.8 x 2 cm
  • Average customer rating: 5.0 out of 5 stars (1 customer review)
  • Amazon bestseller rank: No. 125,121 in English Books

Product descriptions

Short description

Implement an effective security metrics project or program.

'Disperses myths while illuminating truths, pointing towards better ways for IT to conceptualize, implement, and articulate the value proposition of security activities and investments! Clearly grounded in foundational concepts of risk management, decision support, and basic economics! Abounds with practical examples, anecdotes, metaphors, crisp descriptions of difficult concepts, comparisons with other industries, and a just plain entertaining writing style that won't strain your attention span! The relevance, information density, and readability of this book is top-notch! I strongly recommend it to anyone who is passionate and serious about protecting digital assets with better precision and effectiveness' - Joel Scambray, Co-Author, "Hacking Exposed", and CEO of Consciere.

"IT Security Metrics" provides a comprehensive approach to measuring risks, threats, operational activities, and the effectiveness of data protection in your organization. The book explains how to choose and design effective measurement strategies and addresses the data requirements of those strategies. The Security Process Management Framework is introduced and analytical strategies for security metrics data are discussed. You'll learn how to take a security metrics program and adapt it to a variety of organizational contexts to achieve continuous security improvement over time. Real-world examples of security measurement projects are included in this definitive guide.

  • Define security metrics as a manageable amount of usable data.
  • Design effective security metrics.
  • Understand quantitative and qualitative data, data sources, and collection and normalization methods.
  • Implement a programmatic approach to security using the Security Process Management Framework.
  • Analyze security metrics data using quantitative and qualitative methods.
  • Design a security measurement project for operational analysis of security metrics.
  • Measure security operations, compliance, cost and value, and people, organizations, and culture.
  • Manage groups of security measurement projects using the Security Improvement Program.
  • Apply organizational learning methods to security metrics.

About the author

Lance Hayden, Ph.D., CISSP, CISM, is a Solutions Architect and Information Scientist with Cisco Systems' World Wide Security Practice, where he helps Cisco's customers make informed decisions about their security operations. In addition to his private sector experience, he teaches at the University of Texas and is a former HUMINT officer with the Central Intelligence Agency.


Customer reviews

Most helpful customer reviews
By awosiii
Format: Kindle Edition | Amazon Verified Purchase
In his book, Hayden presents a framework for measuring and assessing information security. The framework - the Security Process Management Framework - consists of aspects treated in detail in the book, including:

- Definition and design of metrics for information security according to the Goal-Question paradigm, with numerous examples.
- Discussion and derivation of a metric-based assessment of compliance and conformity with the standards and norms relevant to information security.
- Introduction to the statistical foundations of data analysis.
- Design, setup and operation of a Security Measurement Project (SMP) are linked with a model for the continuous improvement of information security, the so-called Security Improvement Program.

The book offers a comprehensive approach to measuring risks and threats in information security. At the same time, it describes strategies and methods for measuring the effectiveness of processes and measures for ensuring data security. The analytical-methodological part is supplemented by a discussion of current standards.

At this point, the interested reader may also wish to consider the German-language title "Metriken - der Schlüssel zum erfolgreichen Security und Compliance Monitoring: Design, Implementierung und Validierung in der Praxis".
Most helpful customer reviews on Amazon.com (beta)
Amazon.com: 4 reviews
12 of 13 customers found the following review helpful
Fresh, compelling take on information security metrics 22 August 2010
By Richard Bejtlich - Published on Amazon.com
Format: Paperback
I was not sure what to expect as I started reading IT Security Metrics (ISM). I had just discarded another new book, published in July 2010, supposedly about security metrics but really about nothing useful to anyone anchored in the operational IT world. Would ISM be another disappointment? Since Andrew Jaquith published Security Metrics in 2007, no other book had appeared to help security professionals measure their worlds. Thankfully, I can strongly recommend Lance Hayden's ISM as a very strong contributor to the discussion on security metrics. ISM's subtitle, "A Practical Framework for Measuring Security & Protecting Data," really does explain the purpose and value of this great new book.

One aspect of ISM that made a distinct impression was its justification of qualitative measurement. It's fashionable in the security metrics community to focus almost exclusively on quantitative measurement. This usually means focusing on data that is already in numeric form. One of the primary lessons in ISM is that qualitative data has immense value. The challenge is rendering qualitative data in a form that can be counted. On p 141 Hayden says "the heart of qualitative analytical techniques is the concept of coding, or assigning themes and categories to the data and increasingly specific levels of analysis." Hayden explains how to perform this analysis, as well as how to incorporate other crucial data sources such as process maps and documentation. While I was familiar with this approach I had basically discounted it due to the prevailing mindset in the security metrics community. Now I will try to incorporate qualitative analysis into my metrics program.

ISM also succeeds by helping the reader focus on simple yet effective approaches such as Goal - Question - Metric. Many of us jump straight to "metric" and then try to imagine what question the metric is supposed to answer and what goal is served. I also very much appreciated Hayden's focus on information security as a *business process* and not a way to achieve a "state." No one asks "how HR are we today?" like someone might ask "how secure are we today?"

I will conclude my endorsement of ISM by noting that I thought the honest discussion in some case studies was very powerful. For example, in chapter 3 Cisco admitted having 1000 bot victims and a four month period where their network monitoring platform missed traffic, due to SPAN port misconfiguration! You don't usually see that level of detail and "naming names" in security books, so I applaud the authors.

Overall, if you want to introduce a comprehensive security metrics program in your environment, ISM will very skillfully offer one way to accomplish that goal. It's immensely practical and grounded in reality, and it will help you.
4 of 4 customers found the following review helpful
Powerful, practical and actionable 19 October 2010
By David J. Elfering - Published on Amazon.com
Format: Kindle Edition | Amazon Verified Purchase
I've been running a security program for over 10 years and once in a while a book or reference comes along that truly helps me in my work.

Lance Hayden's "IT Security Metrics" is one of those. My expectations were not terribly high as I've found most other metrics materials quickly devolve into near academic debate fodder. Thankfully in being able to preview a sample on the Kindle I was sold pretty quickly.

There is a prescriptive quality to the book that makes me stop as I'm reading to make notes and begin working on them. Despite his exhaustive academic background it seems Mr. Hayden also has a very solid real-world experience and blends the two in a way that I do not often see. Therein lies the value of this book in my opinion. Rather than simply telling us how to continue to slog through the daily barrage, or taking a highly ethereal, idealistic high ground position, this book describes in practical terms how we as security practitioners can systematically improve.

More importantly Mr. Hayden puts this improvement process purely in the context of the business we are there to support. Far too often security authors seem indifferent to the business implications of the art that we practice.

If you are looking for an A to Z checklist, this isn't for you. If you are an experienced IT security person then the methods and approach Lance Hayden suggests will take immediate root. It quite simply makes sense. There are some books that I have to force myself to pick up, this is one of those that I have to force myself to put down.

My only suggestion to Mr. Hayden -- turn this into a workshop!
3 of 3 customers found the following review helpful
One of the two best security metrics books 3 March 2011
By Dr Anton Chuvakin - Published on Amazon.com
Format: Paperback
There are, as it turns out, more than a few books on security metrics, but only this one (and Andrew Jaquith's) are worth reading. This one is actually well-written, insightful AND useful - yes, all three. At times it goes into high concepts and methods (useful to know) and at times it is useful on a pretty much daily basis. If you plan to measure your security, get this book!