Free standard shipping on all orders
  • Visa
  • Master Card
  • American Express
  • Apple Pay
  • Google Pay
  • JCB

Complete Guide to Security and Privacy Metrics: Measuring Regulatory Compliance, Operational Resilience, and ROI book cover

1st Edition

Complete Guide to Security and Privacy Metrics Measuring Regulatory Compliance, Operational Resilience, and ROI

By Debra S. Herrmann Copyright 2007
846 Pages 28 B/W Illustrations
by Auerbach Publications

848 Pages
by Auerbach Publications
Also available as eBook on:
While it has become increasingly apparent that individuals and organizations need a security metrics program, it has been exceedingly difficult to define exactly what that means in a given situation. There are hundreds of metrics to choose from and an organization’s mission, industry, and size will affect the nature and scope of the task as well as the metrics and combinations of metrics... Read more
Introduction
Background
Purpose
Scope
How to Get the Most Out of This Book
Acknowledgments
The “Whats” and “Whys” of Metrics
Measurement Basics
Data Collection and Validation
Defining Measurement Boundaries
Whose Metrics?
Uses and Limits of Metrics
Avoiding the Temptation to Bury Your Organization in Metrics
Relation to Risk Management
Examples from Reliability Engineering
Examples from Safety Engineering
Examples from Software Engineering
The Universe of Security and Privacy Metrics
Measuring Compliance with Security and Privacy Regulations and Standards
Financial Industry
Gramm-Leach-Bliley (GLB) Act — United States
Sarbanes-Oxley Act — United States
Healthcare
Health Insurance Portability And Accountability Act (HIPAA) — United States
Personal Health Information Act (PHIA) — Canada
Personal Privacy
Organization for Economic Cooperation and Development (OECD) Privacy, Cryptography, and Security Guidelines
Data Protection Directive — E.C.
Data Protection Act — United Kingdom
Personal Information Protection And Electronic Documents Act (PIPEDA) — Canada
Privacy Act — United States
Homeland Security
Federal Information Security Management Act (FISMA) — United States
Homeland Security Presidential Directives (HSPDs) — United States
North American Electrical Reliability Council (NERC) Cyber Security Standards
The Patriot Act — United States
Measuring Resilience of Physical, Personnel, IT, and Operational Security Controls
Physical Security
Personnel Security
IT Security
Operational Security
Measuring Return on Investment (ROI) in Physical, Personnel, IT, and Operational Security Controls
Security ROI Model
Security ROI Primitives, Metrics, and Reports
Appendices
A Glossary of Terms, Acronyms, and Abbreviations
B Additional Resources:
Standards
Policies
Publications
Index

Biography

Debra S. Herrmann

"Provides valuable directions on how measurement works and what goes into producing a useful metric. … when faced with the necessity of developing a metrics program to measure the effectiveness of some aspect of your security efforts, this rather imposing tome is one I would recommend as a way to jumpstart your efforts. The master table in the introduction provides a quick guide to the particular section most relevant to the reader’s need …”
— Richard Austin, in IEEE Cipher, June 2007

"... a useful reference for individuals who must meet the challenge of selecting good metrics."
—Cheryl Washington, Information Security Officer, California State University, in Educause Quarterly

Add to Cart