Complete guide to security and privacy metrics : measuring regulatory compliance, operational resilience, and ROI
| 000 | 01152camuu2200289 a 4500 | |
| 001 | 000045389908 | |
| 005 | 20071015154753 | |
| 008 | 060905s2007 flua b 001 0 eng | |
| 010 | ▼a 2006048710 | |
| 020 | ▼a 0849354021 (alk. paper) | |
| 020 | ▼a 9780849354021 (alk. paper) | |
| 035 | ▼a (KERIS)REF000012802946 | |
| 040 | ▼a DLC ▼c DLC ▼d BAKER ▼d C#P ▼d YDXCP ▼d BTCTA ▼d DLC ▼d 211009 | |
| 050 | 0 0 | ▼a TK5102.85 ▼b .H4685 2007 |
| 082 | 0 0 | ▼a 005.8 ▼2 22 |
| 090 | ▼a 005.8 ▼b H568c | |
| 100 | 1 | ▼a Herrmann, Debra S. |
| 245 | 1 0 | ▼a Complete guide to security and privacy metrics : ▼b measuring regulatory compliance, operational resilience, and ROI / ▼c Debra S. Herrmann. |
| 260 | ▼a Boca Raton : ▼b Auerbach Publications , ▼c c2007. | |
| 300 | ▼a xxi, 824 p. : ▼b ill. ; ▼c 27 cm. | |
| 504 | ▼a Includes bibliographical references (p. 777-790) and index. | |
| 650 | 0 | ▼a Telecommunication ▼x Security measures ▼x Evaluation. |
| 650 | 0 | ▼a Computer security ▼x Evaluation. |
| 650 | 0 | ▼a Public records ▼x Access control ▼x Evaluation. |
| 650 | 0 | ▼a Computer crimes ▼x Prevention ▼x Measurement. |
| 945 | ▼a KINS |
소장정보
| No. | 소장처 | 청구기호 | 등록번호 | 도서상태 | 반납예정일 | 예약 | 서비스 |
|---|---|---|---|---|---|---|---|
| No. 1 | 소장처 과학도서관/Sci-Info(2층서고)/ | 청구기호 005.8 H568c | 등록번호 121155876 (5회 대출) | 도서상태 대출가능 | 반납예정일 | 예약 | 서비스 |
컨텐츠정보
책소개
While it has become increasingly apparent that individuals and organizations need a security metrics program, it has been exceedingly difficult to define exactly what that means in a given situation. There are hundreds of metrics to choose from and an organization’s mission, industry, and size will affect the nature and scope of the task as well as the metrics and combinations of metrics appropriate to accomplish it. Finding the correct formula for a specific scenario calls for a clear concise guide with which to navigate this sea of information.
Complete Guide to Security and Privacy Metrics: Measuring Regulatory Compliance, Operational Resilience, and ROI defines more than 900 ready to use metrics that measure compliance, resiliency, and return on investment. The author explains what needs to be measured, why and how to measure it, and how to tie security and privacy metrics to business goals and objectives. The book addresses measuring compliance with current legislation, regulations, and standards in the US, EC, and Canada including Sarbanes-Oxley, HIPAA, and the Data Protection Act-UK. The metrics covered are scaled by information sensitivity, asset criticality, and risk, and aligned to correspond with different lateral and hierarchical functions within an organization. They are flexible in terms of measurement boundaries and can be implemented individually or in combination to assess a single security control, system, network, region, or the entire enterprise at any point in the security engineering lifecycle. The text includes numerous examples and sample reports to illustrate these concepts and stresses a complete assessment by evaluating the interaction and interdependence between physical, personnel, IT, and operational security controls.
Bringing a wealth of complex information into comprehensible focus, this book is ideal for corporate officers, security managers, internal and independent auditors, and system developers and integrators.
This book defines more than 900 metrics measuring compliance with current legislation, resiliency of security controls, and return on investment. It explains what needs to be measured, why and how to measure it, and how to tie security and privacy metrics to business goals and objectives. The metrics are scaled by information sensitivity, asset criticality, and risk; aligned to correspond with different lateral and hierarchical functions; designed with flexible measurement boundaries; and can be implemented individually or in combination. The text includes numerous examples and sample reports and stresses a complete assessment by evaluating physical, personnel, IT, and operational security controls.
정보제공 :
목차
Introduction
Background
Purpose
Scope
How to Get the Most Out of This Book
Acknowledgments
The “Whats” and “Whys” of Metrics
Measurement Basics
Data Collection and Validation
Defining Measurement Boundaries
Whose Metrics?
Uses and Limits of Metrics
Avoiding the Temptation to Bury Your Organization in Metrics
Relation to Risk Management
Examples from Reliability Engineering
Examples from Safety Engineering
Examples from Software Engineering
The Universe of Security and Privacy Metrics
Measuring Compliance with Security and Privacy Regulations and Standards
Financial Industry
Gramm-Leach-Bliley (GLB) Act ? United States
Sarbanes-Oxley Act ? United States
Healthcare
Health Insurance Portability And Accountability Act (HIPAA) ? United States
Personal Health Information Act (PHIA) ? Canada
Personal Privacy
Organization for Economic Cooperation and Development (OECD) Privacy, Cryptography, and Security Guidelines
Data Protection Directive ? E.C.
Data Protection Act ? United Kingdom
Personal Information Protection And Electronic Documents Act (PIPEDA) ? Canada
Privacy Act ? United States
Homeland Security
Federal Information Security Management Act (FISMA) ? United States
Homeland Security Presidential Directives (HSPDs) ? United States
North American Electrical Reliability Council (NERC) Cyber Security Standards
The Patriot Act ? United States
Measuring Resilience of Physical, Personnel, IT, and Operational Security Controls
Physical Security
Personnel Security
IT Security
Operational Security
Measuring Return on Investment (ROI) in Physical, Personnel, IT, and Operational Security Controls
Security ROI Model
Security ROI Primitives, Metrics, and Reports
Appendices
A Glossary of Terms, Acronyms, and Abbreviations
B Additional Resources:
Standards
Policies
Publications
Index
정보제공 :