Security smarts for the self-guided IT professional! Learn proven and easy-to-use security metrics strategies.

Written by the developer of eBay’s security metrics program, Security Metrics: A Beginner’s Guide is a must-have tool for any networking or security practitioner looking to optimize an existing security program and demonstrate measurable results. The book assumes real-life scenarios with limited resources and provides straightforward guidance for getting started quickly. Templates, checklists, and examples are provided both in the book and on the companion web site.

This practical guide begins by discussing the objective of measuring security, and addresses the key elements required to develop an effective security metrics program. This is followed by recommendations on how to identify targets for measurement, define key messages for key audiences, and obtain buy-in from stakeholders on measurement goals and timelines. The book describes processes for leveraging metrics for decision-making and driving change in an organization. It concludes with tips from an enterprise practitioner on how to work feedback loops into an effective metrics program for continuous improvement.

Security Metrics: A Beginner’s Guide features:

• Lingo—Concise definitions of frequently used security terms
• In Actual Practice—Real-world examples of security concepts in context
• Budget Note—Tips for optimizing security processes and technologies to align with an organization’s budget
• IMHO—Cautionary advice on errors to avoid, based on the author's life lessons
• Your Plan—Customizable, on-the-job planning checklists
• Into Action—Hands-on exercises that show how to apply new skills

Practical, in-depth coverage:
Why Measure Security?; Volumes, Bots; Essential Components of an Effective Security Metrics Practitioner; Analytics; Discipline, Commitment, Project Management; Decide What to Measure; Core Competencies; Identify Targets; Define Objectives / Goals; Define Your Priorities; Identify Key Messages for Key Audiences; Obtain Buy-In from Stakeholders and Commit to Timelines; Toolkit; Center for Information Security (CIS) Consensus Metrics Definitions; Case Study and Analysis Technology Samples; Creating the Best Environment for Healthy Metrics; Define a Communications Strategy; Create and Drive an Action Plan—The Importance of Project Management; Lessons Learned from an Enterprise Practitioner; Enhance Process Optimization and Data Quality; Fix Broken Processes Before Automation; Leverage Politics and Competition