belliott
Posted: Sun May 14, 2006 9:31 pm
Post subject: IT Security Metrics: measure and control your IT security
Article title: IT Security Metrics: measure and control your IT security
AKS-Labs wrote: Performance metrics are tools designed to facilitate decision making and improve performance and accountability through collection, analysis, and reporting of relevant performance-related data. IT security metrics are based on IT security performance goals and objectives, which state the desired results of a system security program implementation and identify practices defined by security policies and procedures. Overall, IT security metrics monitor the accomplishment of the goals and objectives by quantifying the level of implementation of the security controls and the effectiveness and efficiency of the controls, analyzing the adequacy of security activities and identifying possible improvement actions.
The metrics that are ultimately selected for implementation will be useful not only for measuring performance, identifying causes of unsatisfactory measurements, and pinpointing improvement areas, but also for facilitating continuous policy implementation, effecting security policy changes, and redefining goals and objectives. Once the measurement of security control implementation commences, subsequent measurements can be used to identify performance trends and ascertain whether the rate of implementation is appropriate. A specific frequency of each metric collection will depend on the life cycle of a measured event. For instance, a metric that pertains to crackable passwords should be collected at least monthly.
Read article: IT Security Metrics: measure and control your IT security