7
What are the Business Security Metrics? Shawn A. Butler President, MSB Associates Inc. 703-628-2195

What are the Business Security Metrics?

Embed Size (px)

DESCRIPTION

What are the Business Security Metrics?

Citation preview

Page 1: What are the Business Security Metrics?

What are the Business Security Metrics?

Shawn A. ButlerPresident, MSB Associates Inc.

703-628-2195

Page 2: What are the Business Security Metrics?

Balance Security Objectives

Page 3: What are the Business Security Metrics?

The Value of Reducing Risk

• If Security Risk Management is a Business Decision, then we need to understand the cost and the value

• What is the Cost?– Frequency and Impact!– What are organizations collecting?

• Frequency!

Page 4: What are the Business Security Metrics?

Example of Collected Data

0

10

20

30

40

50

60

70

UnauthorizedAccess

Probes Denial ofService

Viruses

Where is the impact?

Page 5: What are the Business Security Metrics?

Little Assessment of Security Controls

Page 6: What are the Business Security Metrics?

What information do you need?

Page 7: What are the Business Security Metrics?

Goal – Question - Metric

• Goal: Reduce confidentiality risks to sensitive data?

• Questions: – What are my greatest risks to this type of

data?– Who has access to this data?– What is the likely impact?

• Metrics????


Static-Dynamic Analysis of Security Metrics for Cyber ... · Static-Dynamic Analysis of Security Metrics 1 ... Static-Dynamic Analysis of Security Metrics for Cyber-Physical Systems

Static-Dynamic Analysis of Security Metrics for Cyber ... · Static-Dynamic Analysis of Security Metrics 1 ... Static-Dynamic Analysis of Security Metrics for Cyber-Physical Systems

Documents
Information Security Effectiveness Metrics: What Metrics ...€¦ · Span of Measurement Across the ISLC. Strategic: Governance & Policies Operations – Active Security Applications

Information Security Effectiveness Metrics: What Metrics ...€¦ · Span of Measurement Across the ISLC. Strategic: Governance & Policies Operations – Active Security Applications

Documents
Information Security Metrics - DiVA

Information Security Metrics - DiVA

Documents
Metrics of Security - NIST

Metrics of Security - NIST

Documents
HE CHALLENGES OF METRICS IN TRANSIT SECURITY MANAGEMENT · THE CHALLENGES OF METRICS IN TRANSIT SECURITY MANAGEMENT Julie Schneider, CPP ... •Miscoding by Dispatchers •What are

HE CHALLENGES OF METRICS IN TRANSIT SECURITY MANAGEMENT · THE CHALLENGES OF METRICS IN TRANSIT SECURITY MANAGEMENT Julie Schneider, CPP ... •Miscoding by Dispatchers •What are

Documents
Bio Metrics- Biological Security Measures

Bio Metrics- Biological Security Measures

Documents
Security Management Metrics

Security Management Metrics

Technology
Evolution of OIG FISMA Metrics - NIST Computer Security ... · Evolution of OIG FISMA Metrics Information Security ... Agenda • Inspector General (IG) FISMA metrics background •

Evolution of OIG FISMA Metrics - NIST Computer Security ... · Evolution of OIG FISMA Metrics Information Security ... Agenda • Inspector General (IG) FISMA metrics background •

Documents
CIS Security Metrics v1.0.0

CIS Security Metrics v1.0.0

Documents
Unified Security Metrics –Vulnerability Metrics

Unified Security Metrics –Vulnerability Metrics

Documents
Security Metrics for e-Healthcare Information Systems: A ... · Security Metrics for e-Healthcare Information Systems: A Domain Specific Metrics Approach Said Jafari, Fredrick Mtenzi,

Security Metrics for e-Healthcare Information Systems: A ... · Security Metrics for e-Healthcare Information Systems: A Domain Specific Metrics Approach Said Jafari, Fredrick Mtenzi,

Documents
CAPABILITY MATURITY MODEL AND METRICS FRAMEWORK … · quantitative security metrics in security assessment process of the CSCMM model and introduces several advanced security metrics

CAPABILITY MATURITY MODEL AND METRICS FRAMEWORK … · quantitative security metrics in security assessment process of the CSCMM model and introduces several advanced security metrics

Documents
Security Metrics [2008]

Security Metrics [2008]

Business
Metrics for Food Security & Undernutrition

Metrics for Food Security & Undernutrition

Documents
Security/Information Assurance Measurements and Metrics IA Measures-Sept14.pdf · Security/Information Assurance Measurements and Metrics ... –Risk management standards –Metrics

Security/Information Assurance Measurements and Metrics IA Measures-Sept14.pdf · Security/Information Assurance Measurements and Metrics ... –Risk management standards –Metrics

Documents
A fistful of metrics - FIRST - Improving Security Together · 2016-06-21 · Metrics Answer Questions • Which is more widespread – ELK RCE or Unauthenticated MongoDB? • What

A fistful of metrics - FIRST - Improving Security Together · 2016-06-21 · Metrics Answer Questions • Which is more widespread – ELK RCE or Unauthenticated MongoDB? • What

Documents
Security Measures and Metrics

Security Measures and Metrics

Documents
Cyber Security Services (CSS) Metrics

Cyber Security Services (CSS) Metrics

Documents
Security Metrics and Security Investment - University … Metrics and Security Investment ... or more precisely information security and management. ... can distinguish one-o from

Security Metrics and Security Investment - University … Metrics and Security Investment ... or more precisely information security and management. ... can distinguish one-o from

Documents
CIS Security Metrics v1.1.0

CIS Security Metrics v1.1.0

Documents
Metrics for Security Effort Prioritization

Metrics for Security Effort Prioritization

Data & Analytics
ISSA Sacramento: Security Metrics - So What?

ISSA Sacramento: Security Metrics - So What?

Documents
What Metrics Matter?

What Metrics Matter?

Engineering
Cyber Security Metrics - ehcca.com · Cyber Security Metrics Dashboards & Analytics Feb, 2014 Robert J. Michalsky Principal, Cyber Security. ... (2013 Defense Science Board Report)

Cyber Security Metrics - ehcca.com · Cyber Security Metrics Dashboards & Analytics Feb, 2014 Robert J. Michalsky Principal, Cyber Security. ... (2013 Defense Science Board Report)

Documents
Security Planning Susan Lincke Defining Security Metrics

Security Planning Susan Lincke Defining Security Metrics

Documents
Security Metrics What Can We Measure? - OWASP

Security Metrics What Can We Measure? - OWASP

Documents
Your Strategic Security Metrics Program - …cdn.ttgtmedia.com/.../downloads/Your_Security_Metrics_Program.pdf · Your Strategic Security Metrics Program Pete Lindstrom Senior Analyst,

Your Strategic Security Metrics Program - …cdn.ttgtmedia.com/.../downloads/Your_Security_Metrics_Program.pdf · Your Strategic Security Metrics Program Pete Lindstrom Senior Analyst,

Documents
RSA Conference 2012 Security Metrics

RSA Conference 2012 Security Metrics

Documents
Security Metrics

Security Metrics

Technology
Security Awareness Metrics – Measuring Human Behavior … · Security Awareness Maturity Model . Useful Metrics Focus on just a few, high value metrics. –A metric that measures

Security Awareness Metrics – Measuring Human Behavior … · Security Awareness Maturity Model . Useful Metrics Focus on just a few, high value metrics. –A metric that measures

Documents