راهنمای کامل معیارهای امنیت و حریم خصوصی: اندازهگیری انطباق با مقررات، تابآوری عملیاتی و بازگشت سرمایه
Complete Guide to Security and Privacy Metrics : Measuring Regulatory Compliance, Operational Resilience, and ROI
معرفی کتاب «راهنمای کامل معیارهای امنیت و حریم خصوصی: اندازهگیری انطباق با مقررات، تابآوری عملیاتی و بازگشت سرمایه» (با عنوان لاتین Complete Guide to Security and Privacy Metrics : Measuring Regulatory Compliance, Operational Resilience, and ROI) نوشتهٔ Debra S. Herrmann، منتشرشده توسط نشر Auerbach Publications در سال 2007. این کتاب در فرمت pdf، زبان انگلیسی ارائه شده است.
While it has become increasingly apparent that individuals and organizations need a security metrics program, it has been exceedingly difficult to define exactly what that means in a given situation. There are hundreds of metrics to choose from and an organizationвЂTMs mission, industry, and size will affect the nature and scope of the task as well as the metrics and combinations of metrics appropriate to accomplish it. Finding the correct formula for a specific scenario calls for a clear concise guide with which to navigate this sea of information. Complete Guide to Security and Privacy Metrics: Measuring Regulatory Compliance, Operational Resilience, and ROI defines more than 900 ready to use metrics that measure compliance, resiliency, and return on investment. The author explains what needs to be measured, why and how to measure it, and how to tie security and privacy metrics to business goals and objectives. The book addresses measuring compliance with current legislation, regulations, and standards in the US, EC, and Canada including Sarbanes-Oxley, HIPAA, and the Data Protection Act-UK. The metrics covered are scaled by information sensitivity, asset criticality, and risk, and aligned to correspond with different lateral and hierarchical functions within an organization. They are flexible in terms of measurement boundaries and can be implemented individually or in combination to assess a single security control, system, network, region, or the entire enterprise at any point in the security engineering lifecycle. The text includes numerous examples and sample reports to illustrate these concepts and stresses a complete assessment by evaluating the interaction and interdependence between physical, personnel, IT, and operational security controls. Bringing a wealth of complex information into comprehensible focus, this book is ideal for corporate officers, security managers, internal and independent auditors, and system developers and integrators. Front cover 1 Dedication 6 Contents 8 List of Tables 16 List of Figures 20 Other Books by the Author 21 About the Author 22 Chapter 1, Introduction 24 Chapter 2. The Whats and Whys of Metrics 44 Chapter 3. Measuring Compliance with Security and Privacy Regulations and Standards 170 Chapter 4. Measuring Resilience of Physical, Personnel, IT, and Operational Security Controls 390 Chapter 5. Measuring Return on Investment (ROI) in Physical, Personnel, IT, and Operational Security Controls 710 Annex A: Glossary of Terms, Acronyms, and Abbreviations 776 Annex B: Additional Resources 800 Index 814 Back cover 848 This book defines more than 900 metrics measuring compliance with current legislation, resiliency of security controls, and return on investment. It explains what needs to be measured, why and how to measure it, and how to tie security and privacy metrics to business goals and objectives. The metrics are scaled by information sensitivity, asset criticality, and risk; aligned to correspond with different lateral and hierarchical functions; designed with flexible measurement boundaries; and can be implemented individually or in combination. The text includes numerous examples and sample reports "This book defines more than 900 ready-to-use metrics that measure compliance, resiliency, and return on investment. The author explains what needs to be measured, why and how to measure it, and how to tie security and privacy metrics to business goals and objectives."--Jacket
دانلود کتاب راهنمای کامل معیارهای امنیت و حریم خصوصی: اندازهگیری انطباق با مقررات، تابآوری عملیاتی و بازگشت سرمایه