PRAGMATIC Security Metrics: Applying Metametrics to Information Security (Hardcover)

W. Krag Brotby, Gary Hinson

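  • Publisher: Auerbach Publication
  • Publication date: 2013-01-08
  • Price: $3,980
  • VIP price: 95% of list price, $3,781
  • Language: English
  • Pages: 512
  • Binding: Hardcover
  • ISBN: 1439881529
  • ISBN-13: 9781439881521
  • Related category: Information Security
  • Ships immediately (stock < 3)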

Product Description

Other books on information security metrics discuss number theory and statistics in academic terms. Light on mathematics and heavy on utility, PRAGMATIC Security Metrics: Applying Metametrics to Information Security breaks the mold. This is the ultimate how-to-do-it guide for security metrics.

Packed with time-saving tips, the book offers easy-to-follow guidance for those struggling with security metrics. Step by step, it clearly explains how to specify, develop, use, and maintain an information security measurement system (a comprehensive suite of metrics) to help:

  • Security professionals systematically improve information security, demonstrate the value they are adding, and gain management support for the things that need to be done
  • Management address previously unsolvable problems rationally, making critical decisions such as resource allocation and prioritization of security relative to other business activities
  • Stakeholders, both within and outside the organization, be assured that information security is being competently managed

The PRAGMATIC approach lets you home in on your problem areas and identify the few metrics that will generate real business value. The book:

  • Helps you figure out exactly what needs to be measured, how to measure it, and most importantly, why it needs to be measured
  • Scores and ranks more than 150 candidate security metrics to demonstrate the value of the PRAGMATIC method
  • Highlights security metrics that are widely used and recommended, yet turn out to be rather poor in practice
  • Describes innovative and flexible measurement approaches such as capability maturity metrics with continuous scales
  • Explains how to minimize both measurement and security risks using complementary metrics for greater assurance in critical areas such as governance and compliance

In addition to its obvious utility in the information security realm, the PRAGMATIC approach, introduced for the first time in this book, has broader application across diverse fields of management including finance, human resources, engineering, and production—in fact any area that suffers a surplus of data but a deficit of useful information.

Visit Security Metametrics. Security Metametrics supports the global community of professionals adopting the innovative techniques laid out in PRAGMATIC Security Metrics. If you, too, are struggling to make much sense of security metrics, or searching for better metrics to manage and improve information security, Security Metametrics is the place.
