Information Security Management Metrics: A Definitive Guide to Effective Security Monitoring and Measurement [Hardcover]

W. Krag Brotby CISM (Author)

Price:	CDN$ 81.95 & this item ships for FREE with Super Saver Shipping. Details
	o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o

In Stock.
Ships from and sold by Amazon.ca. Gift-wrap available.

Only 2 left in stock--order soon (more on the way).

Want it delivered Monday, May 28? Choose One-Day Shipping at checkout.

	Amazon Price	New from	Used from
Hardcover	CDN $81.95	--	--
See # more hardcovers

Product Details

Hardcover: 200 pages
Publisher: Auerbach Publications; 1 edition (Mar 30 2009)
Language: English
ISBN-10: 1420052853
ISBN-13: 978-1420052855
Product Dimensions: 23.6 x 15.2 x 1.3 cm
Shipping Weight: 476 g
Amazon Bestsellers Rank: #412,574 in Books (See Top 100 in Books)

Would you like to update product info or give feedback on images?

See Complete Table of Contents

Product Description

Spectacular security failures continue to dominate the headlines despite huge increases in security budgets and ever-more draconian regulations. The 20/20 hindsight of audits is no longer an effective solution to security weaknesses, and the necessity for real-time strategic metrics has never been more critical.

Information Security Management Metrics: A Definitive Guide to Effective Security Monitoring and Measurement offers a radical new approach for developing and implementing security metrics essential for supporting business activities and managing information risk. This work provides anyone with security and risk management responsibilities insight into these critical security questions:

How secure is my organization?

How much security is enough?

What are the most cost-effective security solutions?

How secure is my organization?

You can’t manage what you can’t measure

This volume shows readers how to develop metrics that can be used across an organization to assure its information systems are functioning, secure, and supportive of the organization’s business objectives. It provides a comprehensive overview of security metrics, discusses the current state of metrics in use today, and looks at promising new developments. Later chapters explore ways to develop effective strategic and management metrics for information security governance, risk management, program implementation and management, and incident management and response.

The book ensures that every facet of security required by an organization is linked to business objectives, and provides metrics to measure it. Case studies effectively demonstrate specific ways that metrics can be implemented across an enterprise to maximize business benefit.

With three decades of enterprise information security experience, author Krag Brotby presents a workable approach to developing and managing cost-effective enterprise information security.

About the Author

Enterprise Security Architect, Thousand Oaks, California,

Inside This Book (Learn More)

Tag this product

(What's this?)

Think of a tag as a keyword or label you consider is strongly related to this product.
Tags will help all customers organize and find favorite items.

Customer Reviews

There are no customer reviews yet on Amazon.ca

5 star:		(0)
4 star:		(0)
3 star:		(0)
2 star:		(0)
1 star:		(0)

Share your experience with this product with others

Create your own review

Most Helpful Customer Reviews on Amazon.com ^(beta)

Amazon.com: 5.0 out of 5 stars (1 customer review)

3 of 3 people found the following review helpful

5.0 out of 5 stars Conceptual framework for a tough topic, Nov 22 2010

By Dr. G. Hinson "Gary" - Published on Amazon.com

Amazon Verified Purchase(What's this?)

This review is from: Information Security Management Metrics: A Definitive Guide to Effective Security Monitoring and Measurement (Hardcover)

Measuring information security is the greatest remaining challenge for many of us. Metrics are essential for a scientific management approach, rather than relying purely on gut feel and guesswork. Standards such as ISO/IEC 27001 require the use of objective information about the status and effectiveness of information security controls in relation to the risks, in order to drive appropriate improvements in the Information Security Management System. However, it is not immediately obvious exactly what needs measuring, nor how to do it. This book lays out the foundations on which a rational measurement system can be designed to manage information security in a more objective fashion.

The author encourages readers to consider a wide variety of measurement approaches and apply them sensibly to their information security management issues. In addition to conventional information security metrics, the book draws on governance, risk management, financial management and business analysis methods, a more diverse range of approaches than is normally covered in this field. Introducing measures of organization structure and culture sets this security metrics book apart from most others.

Although the writing style is clear, this is a complex subject covered in depth. Being rather theoretical in approach, the book won't suit practitioners simply looking for a short checklist of `security things to measure'. However, those with the interest and time to study Information Security Management Metrics will be rewarded with a deeper and more rounded understanding of the issue. As such, the book is probably of most value to CISOs and ISMs tasked with implementing better security metrics, and to information security management students.

› Go to Amazon.com to see the review 5.0 out of 5 stars