Latest Content from CSI:

Is Data Loss Plummeting?

Our guess is that the primary finding of the latest Verizon Business 2011 Data Breach Investigations Report (namely that even with doubling the number of examined incident cases, the total number of compromised data records dropped by an order of magnitude) will be so unpalatable to some that the report will fall off the radar in a hurry.



Metrics Training On-Demand

Metrics That Actually Improve Security
Presenter:  Jennifer Bayuk
Originally Aired:  Tuesday, June 29, 2010, 1pm ET - 4pm ET
Price: $200

Measurement maps from observations to formal representations in a repeatable manner. Information Security is not easily observed, and formal representations are elusive. Attempts to measure information security have created a wide variety of metrics characterizations. This course will survey the security metrics methodologies available to today’s practitioner, and explore the pros and cons of each. 

Specific topics include: 

  • Metrics type characterization and the utility of each in contributing information required to manage a security program. 
  • How to understand the contextual value (if any) in metrics designed to show the efficacy of a security program.
  • Data, tools, and techniques to demonstrate that metrics correspond to systems architecture.
  • Remediation metrics and how they differ from risk management metrics.
  • How to determine whether metrics correspond to control points.
  • Mapping metrics to InfoSec program objectives.
  • How to spot misleading metrics.
  • Examples and exercises in metrics development.

References:  

  • Bayuk, J., Security Metrics, The Computer Security Journal, Vol XVII, No 1, a Computer Security Institute publication, January, 2001.
  • Jaquith, A., Security Metrics, RR Donnelly, 2007.
  • Herrmann, D., Complete Guide to Security and Privacy Metrics, Auerbach, 2007.


For more information, please email csi@ubm.com.