Published on Security Management (http://www.securitymanagement.com)
Security Metrics: Replacing Fear, Uncertainty, and Doubt
By Andrew Jaquith; Reviewed by Will Morrison, CPP
February 2008



***** Security Metrics: Replacing Fear, Uncertainty, and Doubt. By Andrew Jaquith; published by Addison-Wesley Professional; www.informit.com [2] (Web); 336 pages; $49.99.

Andrew Jaquith has provided IT security professionals with a comprehensive guide to capturing security metrics that, if followed, will help them demonstrate return on investment to decision makers in the executive suite.

The book opens with a discussion of the so-called “hamster wheel of pain” on which the typical risk manager runs and runs without getting anywhere. That, Jaquith says, is the result of traditional metrics, which merely (support) “the existence of the vendor’s products.” He insists that performance should be “consistently measured” and “expressed as a number or percentage.”

The reader is taken step by step through the issues that merit consideration when gathering such metrics. The author uses charts, graphics, case discussions, and lessons learned to illustrate a collection of metrics that delivers consistent, clear, and concise information.

Jaquith offers insight on various methods for gathering, recording, and presenting metrics so they are easily consumed. For example, he discusses how firewall and systems logs can assist in providing a complete picture of security metrics, and can complement other data-gathering tools. Jaquith also names some of the software tools that aid in metrics collection.

While most chapters provide checklists, a single, all-inclusive checklist at the end of the book would have been helpful, especially for managers who need to jump-start a gasping metrics program.

Written in a conversational style, Security Metrics would be accessible even to an IT security neophyte. Yet it is a must-have for anyone serious about gathering IT security metrics that will have an impact in the boardroom.


Reviewer: Will Morrison, CPP, is a security management professional with NASA and a 30-year veteran of federal service, including work as an information technology security manager. He is a member of ASIS International.

Security Management is the award-winning publication of ASIS International, the preeminent international
organization for security professionals, with more than 35,000 members worldwide.

ASIS International, Inc. Worldwide Headquarters USA, 1625 Prince Street, Alexandria, Virginia 22314-2818
703-519-6200 | fax 703-519-6299 | www.asisonline.org
Copyright © 2008, Security Management

Source URL: http://www.securitymanagement.com/article/security-metrics-replacing-fear-uncertainty-and-doubt

Links:
[1] http://www.securitymanagement.com/magazine/2008/02
[2] http://www.informit.com