Key Components of an Information Security Metrics Program Plan

An information security metrics program can give an organization a resource with which to manage, monitor, control, and improve aspects of its information security program. This paper presents a set of five key components that a plan for an information security metrics program should include. The components are framed in relation to criteria from Chew et al. (2008), and each carries associated tasks designed to a) increase accountability, b) improve information security effectiveness, and c) demonstrate compliance.

[1] Salvatore J. Stolfo et al. Measuring Security. 2011, IEEE Security & Privacy.

[2] Karen A. Scarfone et al. Cyber Security Metrics and Measures. 2008.

[3] Linda Shields et al. Content Analysis. 2015.

[4] Sigurjon Thor Arnason et al. How to Achieve 27001 Certification: An Example of Applied Compliance Management. 2007.

[5] Robert Garigue et al. A Structured Approach to Incident Postmortems. 2002, Information Security Journal: A Global Perspective.

[6] Paul Jones et al. Secrets and Lies: Digital Security in a Networked World. 2002.

[7] Rayford B. Vaughn et al. Information Assurance Measures and Metrics: State of Practice and Proposed Taxonomy. 2003, Proceedings of the 36th Annual Hawaii International Conference on System Sciences.

[8] Will Kaydos. Determining What to Measure. 1998.

[9] Audrey J. Dorofee et al. Incident Management Capability Metrics, Version 0.1. 2007.

[10] Eric Dubois et al. Towards a Measurement Framework for Security Risk Management. 2008, MODSEC@MoDELS.

[11] S. Kowalski et al. Security Metrics and Evaluation of Information Systems Security. 2004.

[12] J. Patrick Ravenel. Effective Operational Security Metrics. 2006.

[13] Anni Sademies. Process Approach to Information Security Metrics in Finnish Industry and State Institutions. 2004.

[14] Debra Herrmann et al. Complete Guide to Security and Privacy Metrics: Measuring Regulatory Compliance, Operational Resilience, and ROI. 2007.

[15] R. B. House et al. At the University of North Carolina. 1945.

[16] Sebastiaan H. von Solms et al. Information Security: The Third Wave? 2000, Computers & Security.

[17] Harold F. Tipton et al. Information Security Management Handbook, Sixth Edition. 2003.

[18] James D. Lester et al. Writing Research Papers: A Complete Guide. 1971.

[19] Elizabeth B. Lennon. IT Security Metrics. 2003.

[20] Joan Hash et al. Guide for Developing Performance Metrics for Information Security. 2006.

[21] Kevin M. Stine et al. Performance Measurement Guide for Information Security. 2008.

[22] M. Whitman et al. Management of Information Security. 2004.

[23] Paul D. Leedy and Jeanne Ellis Ormrod. Practical Research: Planning and Design. 1974.

[24] William A. Wulf et al. Towards a Framework for Security Measurement. 1997.

[25] Joel Rosenblatt. Security Metrics: A Solution in Search of a Problem. 2008.

[26] Michael D. Smith et al. Computer Security Strength and Risk: A Quantitative Approach. 2004.

[27] Eric A. Fischer. Creating a National Framework for Cybersecurity: An Analysis of Issues and Options. 2005.

[28] Andrew Jaquith. Security Metrics: Replacing Fear, Uncertainty, and Doubt. 2007.

[29] Marianne Swanson et al. Security Metrics Guide for Information Technology Systems. 2003.

[30] Wes Sonnenreich et al. Return on Security Investment (ROSI): A Practical Quantitative Model. 2005, Journal of Research and Practice in Information Technology.

[31] Dieter Gollmann et al. Quality of Protection: Security Measurements and Metrics (Advances in Information Security). 2006.