Operations and technical security metrics as a framework of monitoring and measurement in the information security
Measurement objects should be selected through a measurement framework rather than by guessing or assumption. Such a framework should be developed to guide an organization in defining security metrics, including object selection, method, and indicators of analysis. Security metrics can be obtained from non-conformance audit findings and security incidents that are relevant to operational and technical security controls, supported by risk assessment and security measurement guidance. Some information is collected as mandatory records in this framework, such as records of non-conformance audit findings and security incidents, risk assessments, and implementation evidence. Several statistical methods, such as the two-sample test assuming equal variance and Pearson r correlation, are used to validate the acceptability of this framework in security management system implementation. The framework is shown to be a best practice in security control measurement, in which the organization focuses on non-conformance findings and security incidents to prevent incidents during implementation. The results of the validation test show that the framework can be implemented as guidance for security measurement.
M00299 | (Rack Thesis) | Available |