| 000 -LEADER |
|---|
| fixed length control field |
02789cam a2200361 a 4500 |
| FIXED-LENGTH DATA ELEMENTS--GENERAL INFORMATION |
|---|
| fixed length control field |
130405s2013 flua b 001 0 eng d |
| LIBRARY OF CONGRESS CONTROL NUMBER |
|---|
| LC control number |
2012277208 |
| INTERNATIONAL STANDARD BOOK NUMBER |
|---|
| International Standard Book Number |
9781439881521 |
| SYSTEM CONTROL NUMBER |
|---|
| System control number |
(OCoLC)ocn829957951 |
| CATALOGING SOURCE |
|---|
| Original cataloging agency |
CDX |
| Language of cataloging |
eng |
| Transcribing agency |
CDX |
| Modifying agency |
NEO |
| -- |
OCLCO |
| -- |
YDXCP |
| -- |
CLE |
| -- |
OCLCQ |
| -- |
ALAUL |
| -- |
OCLCQ |
| -- |
OCLCF |
| -- |
CRCPR |
| -- |
OCLCQ |
| -- |
DLC |
| AUTHENTICATION CODE |
|---|
| Authentication code |
lccopycat |
| LIBRARY OF CONGRESS CALL NUMBER |
|---|
| Classification number |
HD30.38 |
| Item number |
.B76 2013 |
| DEWEY DECIMAL CLASSIFICATION NUMBER |
|---|
| Classification number |
658.4/780287 |
| Edition number |
23 |
| SYSTEM CONTROL NUMBER |
|---|
| System control number |
(IMchF)fol15670433 |
| DATE AND TIME OF LATEST TRANSACTION |
|---|
| control field |
20170126101241.0 |
| CONTROL NUMBER |
|---|
| control field |
65144 |
| CONTROL NUMBER IDENTIFIER |
|---|
| control field |
UOWD |
| MAIN ENTRY--PERSONAL NAME |
|---|
| Personal name |
Brotby, W. Krag |
| TITLE STATEMENT |
|---|
| Title |
Pragmatic security metrics : |
| Remainder of title |
applying metametrics to information security |
| Statement of responsibility, etc |
W. Krag Brotby and Gary Hinson ; preface by M.E. Kabay |
| VARYING FORM OF TITLE |
|---|
| Title proper/short title |
Applying metametrics to information security |
| PUBLICATION, DISTRIBUTION, ETC. (IMPRINT) |
|---|
| Place of publication, distribution, etc |
Boca Raton, Fla : |
| Name of publisher, distributor, etc |
CRC Press, |
| Date of publication, distribution, etc |
c2013. |
| PHYSICAL DESCRIPTION |
|---|
| Extent |
xviii, 494 p. : |
| Other physical details |
ill. ; |
| Dimensions |
24 cm. |
| BIBLIOGRAPHY, ETC. NOTE |
|---|
| Bibliography, etc |
Includes bibliographical references (p. 483-485) and index. |
| FORMATTED CONTENTS NOTE |
|---|
| Formatted contents note |
Introduction --- Why Measure Information Security? --- The Art and Science of Security Metrics --- Audiences for Security Metrics --- Finding Candidate Metrics --- Metametrics and the PRAGMATIC Approach --- 150+ Example Security Metrics --- Designing PRAGMATIC Security Measurement System --- Advanced Information Security Metrics --- Downsides of Metrics --- Using PRAGMATIC Metrics in Practice --- Case Study ---- Conclusions ---- Appendix A: PRAGMATIC Criteria --- Appendix B: Business Model of Information Security (BMIS) --- Appendix C: Capability Maturity Model (CMM) --- Appendix D: Example Opinion Survey Form --- Appendix E: SABSA Security Attributes Table --- Appendix F: Prototype Metrics Catalog --- Appendix G: Effect of Weighting the PRAGMATIC Criteria --- Appendix H: ISO27k Maturity Scale Metrics --- Appendix I: Sample Management Survey --- Appendix J: Observer Bias --- Appendix K: Observer Calibration --- Appendix L: Bibliography. |
| SUMMARY, ETC. |
|---|
| Summary, etc |
Covering information security metrics, this book provides practical advice on how to specify, develop, use, and maintain a more meaningful and useful system of metrics. It provides guidance on using metrics to identify problem areas and drive security improvements. With a focus on measurement, the author discusses metrics that support an information security management system that complies with ISO/IEC 27001. The text introduces capability maturity metrics that can be used to measure and drive continuous improvement in information security. It also introduces the PRAGMATIC mnemonic to help practitioners choose better metrics. |
| STUDY PROGRAM INFORMATION NOTE |
|---|
| Program name |
ISIT937 |
| Institution to which field applies |
UOWD |
| SUBJECT ADDED ENTRY--TOPICAL TERM |
|---|
| Topical term or geographic name as entry element |
Business enterprises |
| General subdivision |
Computer networks |
| -- |
Security measures |
| SUBJECT ADDED ENTRY--TOPICAL TERM |
|---|
| Topical term or geographic name as entry element |
Computer security |
| SUBJECT ADDED ENTRY--TOPICAL TERM |
|---|
| Topical term or geographic name as entry element |
Data protection |
| ADDED ENTRY--PERSONAL NAME |
|---|
| Personal name |
Hinson, Gary |
| ADDED ENTRY--PERSONAL NAME |
|---|
| Personal name |
Kabay, Michel E. |
| ADDED ENTRY ELEMENTS (KOHA) |
|---|
| Koha item type |
REGULAR |