What are the basics of security metrics in information security?
The basics of security metrics are as follows −
Background − Metrics are tools designed to support decision making and improve performance and accountability through the collection, analysis, and documentation of pertinent performance-related data.
The point of measuring performance is to monitor the condition of the measured activities and to facilitate improvement in those activities by applying corrective actions based on observed measurements. While a case can be made for using different terms for more detailed and for aggregated items, such as metrics and measures, this document uses these terms interchangeably.
Metric Lifecycle − The business logic connected with a metric follows a simple processing pattern −
Create − Obtains primary input data from one or more authoritative providers, including commercial products or homegrown customer applications.
Calculate − Applies a series of analytic operations (called actions) to the primary data to derive a result, and stores the result in the metric results database as one or more rows in a table.
Communicate − Communicates the metric results in any of the following formats − default visualization, e-mail notification, or e-mail alert based upon detection of some policy violation.
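The three lifecycle stages can be sketched end to end as follows. This is an added example, not code from the original page: the patch-compliance metric, the table and column names, the 80% policy threshold, and the sample findings are all assumptions constructed for illustration, with an in-memory SQLite database standing in for the metric results database.

```python
import sqlite3

# Constructed sample input: (host, group, patched) as a scanner might report it.
SAMPLE_FINDINGS = [
    ("web-01", "dmz", 1),
    ("web-02", "dmz", 0),
    ("db-01", "core", 1),
    ("db-02", "core", 1),
    ("hr-01", "office", 0),
    ("hr-02", "office", 0),
]
POLICY_MIN_COMPLIANCE = 80.0  # assumed policy threshold, in percent


def create(conn, findings):
    """Create: load primary input data from the (here simulated) provider."""
    conn.execute("CREATE TABLE findings (host TEXT, grp TEXT, patched INTEGER)")
    conn.executemany("INSERT INTO findings VALUES (?, ?, ?)", findings)


def calculate(conn, day):
    """Calculate: derive per-group compliance and store it as result rows."""
    conn.execute("CREATE TABLE IF NOT EXISTS metric_results "
                 "(day TEXT, metric TEXT, grp TEXT, value REAL)")
    conn.execute(
        "INSERT INTO metric_results "
        "SELECT ?, 'patch_compliance_pct', grp, 100.0 * SUM(patched) / COUNT(*) "
        "FROM findings GROUP BY grp", (day,))


def communicate(conn, day):
    """Communicate: build one alert line per group that violates the policy."""
    rows = conn.execute(
        "SELECT grp, value FROM metric_results "
        "WHERE day = ? AND metric = 'patch_compliance_pct' AND value < ? "
        "ORDER BY grp", (day, POLICY_MIN_COMPLIANCE)).fetchall()
    return [f"ALERT {day}: {g} patch compliance {v:.1f}% < "
            f"{POLICY_MIN_COMPLIANCE:.0f}%" for g, v in rows]


def run_lifecycle(day="2024-01-01"):
    conn = sqlite3.connect(":memory:")
    create(conn, SAMPLE_FINDINGS)
    calculate(conn, day)
    return conn, communicate(conn, day)


if __name__ == "__main__":
    print("\n".join(run_lifecycle()[1]))
```

Because the results are kept as dated rows rather than overwritten, running the Calculate step on later days builds the history that trend reporting needs.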
Security Metrics Management − A metric generates results that are accumulated in a defined metric database, which is accessible through standard SQL and JDBC interfaces to support the following functions.
Risk Management − Metrics that compute threat probability, vulnerability, countermeasure coverage, and asset cost yield results that can be used to model risk.
Budget Management − Metrics that determine the level of effort, impact, and what is obtainable can be converted into dollar cost for the purpose of establishing budgets and computing return on investment.
Audit & Compliance Assessment (Internal or External) − Metrics that compute policy compliance for individual definitions as well as groups of definitions yield results that can improve reports generated by compliance tools.
Security Operations − Metrics that collect data over time can be used to identify trends that suggest specific actions to be taken by data center operations staff.
The Value of Security Metrics − Metrics can be an effective tool for security executives to discern the efficiency of the various components of their protection programs, the security of a specific system, product, or process, and the ability of staff or departments within an organization to address security concerns for which they are accountable.
Metrics can also help identify the level of risk in not taking a given action, and in that way supply guidance in prioritizing corrective actions. Moreover, they can be used to increase the level of security awareness within the organization.