EUR 63,64
  • Tous les prix incluent la TVA.
Il ne reste plus que 2 exemplaire(s) en stock (d'autres exemplaires sont en cours d'acheminement).
Expédié et vendu par Amazon.
Emballage cadeau disponible.
Quantité :1
PRAGMATIC Security Metric... a été ajouté à votre Panier
Vous l'avez déjà ?
Repliez vers l'arrière Repliez vers l'avant
Ecoutez Lecture en cours... Interrompu   Vous écoutez un extrait de l'édition audio Audible
En savoir plus
Voir cette image

PRAGMATIC Security Metrics: Applying Metametrics to Information Security (Anglais) Relié – 8 janvier 2013


Voir les 2 formats et éditions Masquer les autres formats et éditions
Prix Amazon Neuf à partir de Occasion à partir de
Format Kindle
"Veuillez réessayer"
Relié
"Veuillez réessayer"
EUR 63,64
EUR 51,76 EUR 138,91

Offres spéciales et liens associés



Descriptions du produit

Présentation de l'éditeur

Other books on information security metrics discuss number theory and statistics in academic terms. Light on mathematics and heavy on utility, PRAGMATIC Security Metrics: Applying Metametrics to Information Security breaks the mold. This is the ultimate how-to-do-it guide for security metrics.

Packed with time-saving tips, the book offers easy-to-follow guidance for those struggling with security metrics. Step by step, it clearly explains how to specify, develop, use, and maintain an information security measurement system (a comprehensive suite of metrics) to help:

  • Security professionals systematically improve information security, demonstrate the value they are adding, and gain management support for the things that need to be done
  • Management address previously unsolvable problems rationally, making critical decisions such as resource allocation and prioritization of security relative to other business activities
  • Stakeholders, both within and outside the organization, be assured that information security is being competently managed

The PRAGMATIC approach lets you hone in on your problem areas and identify the few metrics that will generate real business value. The book:

  • Helps you figure out exactly what needs to be measured, how to measure it, and most importantly, why it needs to be measured
  • Scores and ranks more than 150 candidate security metrics to demonstrate the value of the PRAGMATIC method
  • Highlights security metrics that are widely used and recommended, yet turn out to be rather poor in practice
  • Describes innovative and flexible measurement approaches such as capability maturity metrics with continuous scales
  • Explains how to minimize both measurement and security risks using complementary metrics for greater assurance in critical areas such as governance and compliance

In addition to its obvious utility in the information security realm, the PRAGMATIC approach, introduced for the first time in this book, has broader application across diverse fields of management including finance, human resources, engineering, and production—in fact any area that suffers a surplus of data but a deficit of useful information.

Visit Security Metametrics. Security Metametrics supports the global community of professionals adopting the innovative techniques laid out in PRAGMATIC Security Metrics. If you, too, are struggling to make much sense of security metrics, or searching for better metrics to manage and improve information security, Security Metametrics is the place. http://securitymetametrics.com/

Biographie de l'auteur

Krag Brotby has 30 years of experience in the area of enterprise computer security architecture, governance, risk, and metrics and is a Certified Information Security Manager (CISM) and Certified in the Governance of Enterprise Information Technology qualifications. Krag is a CISM trainer and has developed a number of related courses in governance, metrics, governance‐risk‐compliance (GRC), and risk and trained thousands on five continents during the past decade.

Krag’s experience includes intensive involvement in current and emerging security architectures, IT and information security metrics, and governance. He holds a foundation patent for digital rights management and has published a variety of technical and IT security-related articles and books. Brotby has served as principal author and editor of the Certified Information Security Manager Review Manual (ISACA 2012) since 2005, and is the researcher and author of the widely circulated Information Security Governance: Guidance for Boards of Directors and Executive Management (ITGI 2006), and Information Security Governance: Guidance for Information Security Managers (ITGI 2008a) as well as a new approach to Information Security Management Metrics (Brotby 2009a) and Information Security Governance; A Practical Development and Implementation Approach (Brotby 2009b).

Krag has served on ISACA’s Security Practice Development Committee. He was appointed to the Test Enhancement Committee, responsible for testing development, and to the committee developing a systems approach to information security called the Business Model for Information Security (BMIS). He received the 2009 ISACA John W. Lainhart IV Common Body of Knowledge Award for noteworthy contributions to the information security body of knowledge for the benefit of the global information security community.

Krag is a member of the California High Tech Task Force Steering Committee, an advisory board for law enforcement. He is a frequent workshop presenter and speaker at conferences globally and lectures on information security governance; metrics; information security management; and GRC and CISM preparation throughout Oceania, Asia, Europe, the Middle East, and North America. As a practitioner in the security industry for three decades, Krag was the principal Xerox BASIA enterprise security architect and managed the proof-of-concept project, pilot, and global PKI implementation plan. He was a principal architect of the SWIFT Next Gen PKI security architecture; served as technical director at RAND Corporation for the cyber assurance initiative; as chief security strategist, was the PKI architect for TransactPlus, a J.P. Morgan spinoff; and developed policies and standards for a number of organizations, including the Australian Post Office and several U.S. banks.

Recent consulting engagements include security governance projects for the Australia Post, New Zealand Inland Revenue, and Singapore Infocom Development Agency. Clients have included Microsoft, Unisys, AT&T, BP Alyeska, Countrywide Financial, Informix, Visa, VeriSign, Digital Signature Trust, Zantaz, Bank Al-Bilad, J.P. Morgan Chase, KeyBank, Certicom, and Paycom, among others. He has served on the board of advisors for Signet Assurance and has been involved in significant trade secret theft cases in the Silicon Valley.

Gary Hinson—Despite his largely technical background, Dr. Gary Hinson, PhD, MBA, CISSP, has an abiding interest in human factors—the people side as opposed to the purely technical aspects of information security and governance. Gary’s professional career stretches back to the mid-1980s as both a practitioner and manager in the fields of IT system and network administration, information security, and IT auditing. He has worked for some well-known multinationals in the pharmaceuticals/life sciences, utilities, IT, engineering, defense, and financial services industries, mostly in the United Kingdom and Europe. He emigrated to New Zealand in 2005 and now lives on a "lifestyle block" surrounded by more sheep than people.

In the course of his work, Gary has developed or picked up and used a variety of information security metrics. Admittedly, they didn’t all work out, but such is the nature of this developing field (Hinson 2006). In relation to programs to implement information security management systems, for example, Gary had some success using conventional project management metrics to guide the implementation activities and discuss progress with senior managers. However, management seemed curiously disinterested in measuring the business benefits achieved by their security investments despite Gary having laid out the basis for measurement in the original business cases. And so started his search for a better way.

Since 2000, Gary has been consulting in information security, originally for a specialist security consultancy in London and then for IsecT Ltd., his own firm. Gary designed, developed, and, in 2003, launched NoticeBored (www.NoticeBored.com), an innovative information security awareness subscription service. NoticeBored has kept him busy ever since, researching and writing awareness materials for subscribers covering a different information security topic each month. One of the regular monthly awareness deliverables from NoticeBored is a management-level awareness briefing proposing and discussing potential metrics associated with each month’s information security topic—for example, a suite of metrics concerning the management of incidents was delivered with a host of other awareness materials about incident management.

Gary has been a passionate fan of the ISO/IEC 27000-series "ISO27k" information security management standards since shortly before BS 7799 was first released nearly two decades ago. He contributes to the continued development of ISO27k through New Zealand’s membership of SC27, the ISO/IEC committee responsible for them, although he arrived in NZ too late to influence ISO/IEC 27004:2009 on information security measurements, unfortunately (we have more to say on ’27004 below!). To find out what ISO27k can do for your organization, visit www.ISO27001security.com to explore the standards, find out about new developments, and join ISO27k Forum, the email reflector for a global user group.

Before all that, Gary was a scientist researching bacterial genetics at the universities of York and Leicester in the United Kingdom. He has long since lost touch with the cut and thrust of gene cloning, DNA fingerprinting, and all that, but despite recently discovering his creative streak through NoticeBored, the rational scientist and metrician still lurks deep within him. So seven years of university study was not a total waste after all.


Détails sur le produit


En savoir plus sur les auteurs

Découvrez des livres, informez-vous sur les écrivains, lisez des blogs d'auteurs et bien plus encore.

Dans ce livre (En savoir plus)
Parcourir les pages échantillon
Couverture | Copyright | Table des matières | Extrait | Index | Quatrième de couverture
Rechercher dans ce livre:

Commentaires en ligne

Il n'y a pas encore de commentaires clients sur Amazon.fr
5 étoiles
4 étoiles
3 étoiles
2 étoiles
1 étoiles

Commentaires client les plus utiles sur Amazon.com (beta)

Amazon.com: 4 commentaires
4 internautes sur 5 ont trouvé ce commentaire utile 
A wealth of tools and inputs for anybody having to deal with metrics. 18 mars 2013
Par Daniel Brunner - Publié sur Amazon.com
Format: Relié
In the last few years the term "security metrics" has developed somewhat into a holy grail. Everybody wants them, everybody seems to know that they are necessary, but how the devil is the CISO or the IT department able to get them? As a result we were presented with ISO 27004, some NIST papers and others and the time of writing the term "security metrics" generates over 2.4m hits when googled and "information security metrics" over 990'000.
As a CISO I am need of security metrics myself but was always a little bit hesitant of delving deeper into the matter as some of the books I read about the topic seemed arcane and rather impractical for daily use. And now this book comes along, making the whole matter in my opinion much clearer and easier to handle.

In the first few chapters Brotby and Hinson provide an overview of the status quo and the why and how of security metrics. They deal with great insight with the differing methods and concepts, and the purpose of and audience for security metrics. Chapter 5 deals concisely with points actually to be measured and where one can find them. Throughout the language is very accessible, making this book a pleasure to read and work with.

In chapter 6 the authors then provide us with a thoughtful introduction to their PRAGMATIC approach which is followed by a chapter with over 150 information security metrics. All these metrics are explained in detail, are easy to understand and thus provide a practical tool ready to use for anybody in need of reference points what and how to "measure security".

The next chapter deals concisely with the "how to". The authors provide a clear and concise explanation of how to design an information security measurement system using their method. In just about 20 pages they manage to make clear what has to go into the system, which reference points are to be considered and how everything can be pulled together in order to be able to create a system which can be easily handled and worked with as required.

The final chapters then provide the readers with more information about using metrics in general and the system of Brotby and Hinson in particular. A case study shows the practical application of the PRAGMATIC system and the final pages provide once more a wealth of helpful tools.

In summary I would like to give the following verdict: Until now I have not come across a book about information security metrics that was so clearly and concisely written. The book is easy to understand and provides a wealth of tools and inputs for anybody having to deal with metrics.

The sample metrics and the very thoughtful insights regarding the creation of an information security metrics system tailor-made for the individual organization hopefully will make this book a standard work. It is clear that the authors have thought a lot about the subject and also have practical experience in the matter, as otherwise this tome would have turned out turgid and technological, something which it clearly is not.
2 internautes sur 3 ont trouvé ce commentaire utile 
More than metrics 1 mai 2013
Par Koen - Publié sur Amazon.com
Format: Relié Achat vérifié
This books makes you think about metrics. It is applied to information security, but the line of thinking can easily be extended to many other fields of management. Before offering a rated choice of about 150 metrics, the authors explain a complete methodology on choosing and rating candidate metrics. A must read for those that produce KPI's for senior management, or for senior manager that want to be informed by useful indicators.
1 internautes sur 2 ont trouvé ce commentaire utile 
Metric System 17 septembre 2014
Par RobRoy - Publié sur Amazon.com
Format: Relié
I work IT and network security so I am always reading. So this book -- I bring this to work and everyone thought, good another metric book, quick to discount it as such. Well several months later I finally got my book back. And someone else asked for it this morning. Simple and to the point metrics to include readibility of one's policies and the weight of the same.
1 internautes sur 2 ont trouvé ce commentaire utile 
Unbelievable detail! 4 avril 2014
Par fevgpuvr - Publié sur Amazon.com
Format: Format Kindle Achat vérifié
So many security books talk about metrics at a high level and have no substance. This book has charts, table, examples, and case studies throughout that demonstrate how to use metrics in a meaningful way. Not just PRAGMATIC but practical.
Ces commentaires ont-ils été utiles ? Dites-le-nous


Commentaires

Souhaitez-vous compléter ou améliorer les informations sur ce produit ? Ou faire modifier les images?