On the Secure Software Development Process: CLASP and SDL Compared
SESS '07 Proceedings of the Third International Workshop on Software Engineering for Secure Systems
Who Are the Experts, and What Have They Done for Us Lately?
IEEE Security and Privacy
An Attack Graph-Based Probabilistic Security Metric
Proceedings of the 22nd annual IFIP WG 11.3 working conference on Data and Applications Security
GARNET: A Graphical Attack Graph and Reachability Network Evaluation Tool
VizSec '08 Proceedings of the 5th international workshop on Visualization for Computer Security
Measuring network security using dynamic bayesian network
Proceedings of the 4th ACM workshop on Quality of protection
Proceedings of the 4th ACM workshop on Quality of protection
An evaluation of business solutions in manufacturing enterprises
International Journal of Business Intelligence and Data Mining
Modeling the trust boundaries created by securable objects
WOOT'08 Proceedings of the 2nd conference on USENIX Workshop on offensive technologies
Techniques for enterprise network security metrics
Proceedings of the 5th Annual Workshop on Cyber Security and Information Intelligence Research: Cyber Security and Information Intelligence Challenges and Strategies
SAFECOMP '09 Proceedings of the 28th International Conference on Computer Safety, Reliability, and Security
GoCoMM: a governance and compliance maturity model
Proceedings of the first ACM workshop on Information security governance
Security risk management using internal controls
Proceedings of the first ACM workshop on Information security governance
Measuring the interplay of security principles in software architectures
ESEM '09 Proceedings of the 2009 3rd International Symposium on Empirical Software Engineering and Measurement
Ontology-based generation of IT-security metrics
Proceedings of the 2010 ACM Symposium on Applied Computing
Evaluating the adaptivity of computing systems
Performance Evaluation
Formal approach to security metrics: what does "more secure" mean for you?
Proceedings of the Fourth European Conference on Software Architecture: Companion Volume
Applicability of security metrics for adaptive security management in a universal banking hub system
Proceedings of the Fourth European Conference on Software Architecture: Companion Volume
A risk-metric framework for enterprise risk management
IBM Journal of Research and Development
Ontologies for modeling enterprise level security metrics
Proceedings of the Sixth Annual Workshop on Cyber Security and Information Intelligence Research
Quantitative software security measurement in an engineering service bus platform
Proceedings of the 2010 ACM-IEEE International Symposium on Empirical Software Engineering and Measurement
Which is the right source for vulnerability studies?: an empirical analysis on Mozilla Firefox
Proceedings of the 6th International Workshop on Security Measurements and Metrics
Addressing misalignment between information security metrics and business-driven security objectives
Proceedings of the 6th International Workshop on Security Measurements and Metrics
Security implications of selective encryption
Proceedings of the 6th International Workshop on Security Measurements and Metrics
Performance and security tradeoff
SFM'10 Proceedings of the Formal methods for quantitative aspects of programming languages, and 10th international conference on School on formal methods for the design of computer, communication and software systems
k-zero day safety: measuring the security risk of networks against unknown attacks
ESORICS'10 Proceedings of the 15th European conference on Research in computer security
Metrics for characterizing the form of security policies
The Journal of Strategic Information Systems
Evidential structures and metrics for network forensics
International Journal of Internet Technology and Secured Transactions
Security metrics and security investment models
IWSEC'10 Proceedings of the 5th international conference on Advances in information and computer security
Using complexity, coupling, and cohesion metrics as early indicators of vulnerabilities
Journal of Systems Architecture: the EUROMICRO Journal
Towards benchmarking the trustworthiness of web applications code
EWDC '11 Proceedings of the 13th European Workshop on Dependable Computing
Formal analysis of security metrics and risk
WISTP'11 Proceedings of the 5th IFIP WG 11.2 international conference on Information security theory and practice: security and privacy of mobile devices in wireless communication
Risk analysis supported by information security metrics
Proceedings of the 12th International Conference on Computer Systems and Technologies
Quantitative Evaluation of Enterprise DRM Technology
Electronic Notes in Theoretical Computer Science (ENTCS)
Challenges for the security analysis of Next Generation Networks
Information Security Tech. Report
Towards a security evaluation model based on security metrics
Proceedings of the 13th International Conference on Computer Systems and Technologies
Towards metrics-driven adaptive security management in e-health IoT applications
Proceedings of the 7th International Conference on Body Area Networks
ICT-EurAsia'13 Proceedings of the 2013 international conference on Information and Communication Technology
Proceedings of the International Conference on Management of Emergent Digital EcoSystems
Enabling trustworthy spaces via orchestrated analytical security
Proceedings of the Eighth Annual Cyber Security and Information Intelligence Research Workshop
Relationships between information security metrics: an empirical study
Proceedings of the Eighth Annual Cyber Security and Information Intelligence Research Workshop
On the use of the Clark-Wilson security model to protect industrial automation control systems
Proceedings of the Eighth Annual Cyber Security and Information Intelligence Research Workshop
Cost-benefit analysis of digital rights management products using stochastic models
Proceedings of the 46th Annual Simulation Symposium
Proceedings of the 2nd annual conference on Research in information technology
Proceedings of the International Workshop on Adaptive Security
The Definitive Guide to Quantifying, Classifying, and Measuring Enterprise IT Security Operations

Security Metrics is the first comprehensive best-practice guide to defining, creating, and utilizing security metrics in the enterprise. Using sample charts, graphics, case studies, and war stories, Yankee Group Security Expert Andrew Jaquith demonstrates exactly how to establish effective metrics based on your organization's unique requirements. You'll discover how to quantify hard-to-measure security activities, compile and analyze all relevant data, identify strengths and weaknesses, set cost-effective priorities for improvement, and craft compelling messages for senior management.

Security Metrics successfully bridges management's quantitative viewpoint with the nuts-and-bolts approach typically taken by security professionals. It brings together expert solutions drawn from Jaquith's extensive consulting work in the software, aerospace, and financial services industries, including new metrics presented nowhere else.

You'll learn how to:
· Replace nonstop crisis response with a systematic approach to security improvement
· Understand the differences between “good” and “bad” metrics
· Measure coverage and control, vulnerability management, password quality, patch latency, benchmark scoring, and business-adjusted risk
· Quantify the effectiveness of security acquisition, implementation, and other program activities
· Organize, aggregate, and analyze your data to bring out key insights
· Use visualization to understand and communicate security issues more clearly
· Capture valuable data from firewalls and antivirus logs, third-party auditor reports, and other resources
· Implement balanced scorecards that present compact, holistic views of organizational security effectiveness

Whether you're an engineer or consultant responsible for security and reporting to management, or an executive who needs better information for decision-making, Security Metrics is the resource you have been searching for.

Andrew Jaquith, program manager for Yankee Group's Security Solutions and Services Decision Service, advises enterprise clients on prioritizing and managing security resources. He also helps security vendors develop product, service, and go-to-market strategies for reaching enterprise customers. He co-founded @stake, Inc., a security consulting pioneer acquired by Symantec Corporation in 2004. His application security and metrics research has been featured in CIO, CSO, InformationWeek, IEEE Security and Privacy, and The Economist.

Foreword
Preface
Acknowledgments
About the Author
Chapter 1 Introduction: Escaping the Hamster Wheel of Pain
Chapter 2 Defining Security Metrics
Chapter 3 Diagnosing Problems and Measuring Technical Security
Chapter 4 Measuring Program Effectiveness
Chapter 5 Analysis Techniques
Chapter 6 Visualization
Chapter 7 Automating Metrics Calculations
Chapter 8 Designing Security Scorecards
Index