IT Security Metrics: A Practical Framework for Measuring Security & Protecting Data Kindle Edition

4.2 out of 5 stars 11 customer reviews
ISBN-13: 978-0071713405
ISBN-10: 0071713409

Editorial Reviews

About the Author

Lance Hayden, Ph.D., CISSP, CISM, is a Solutions Architect and Information Scientist with Cisco Systems' World Wide Security Practice, where he helps Cisco's customers make informed decisions about their security operations. In addition to his private sector experience, he teaches at the University of Texas and is a former HUMINT officer with the Central Intelligence Agency.


Product Details

  • File Size: 10964 KB
  • Print Length: 401 pages
  • Page Numbers Source ISBN: 0071713409
  • Simultaneous Device Usage: Up to 4 simultaneous devices, per publisher limits
  • Publisher: McGraw-Hill Education; 1 edition (August 22, 2010)
  • Publication Date: August 22, 2010
  • Sold by: Amazon Digital Services LLC
  • Language: English
  • ASIN: B003WJR5XQ
  • Text-to-Speech: Enabled
  • Word Wise: Not Enabled
  • Lending: Not Enabled
  • Enhanced Typesetting: Enabled
  • Amazon Best Sellers Rank: #513,505 Paid in Kindle Store

Customer Reviews

Top Customer Reviews

Format: Paperback
I was not sure what to expect as I started reading IT Security Metrics (ISM). I had just discarded another new book, published in July 2010, supposedly about security metrics but really about nothing useful to anyone anchored in the operational IT world. Would ISM be another disappointment? Since Andrew Jaquith published Security Metrics in 2007, no other book had appeared to help security professionals measure their worlds. Thankfully, I can strongly recommend Lance Hayden's ISM as a very strong contributor to the discussion on security metrics. ISM's subtitle, "A Practical Framework for Measuring Security & Protecting Data," really does explain the purpose and value of this great new book.

One aspect of ISM that made a distinct impression was its justification of qualitative measurement. It's fashionable in the security metrics community to focus almost exclusively on quantitative measurement. This usually means focusing on data that is already in numeric form. One of the primary lessons in ISM is that qualitative data has immense value. The challenge is rendering qualitative data in a form that can be counted. On p. 141 Hayden says "the heart of qualitative analytical techniques is the concept of coding, or assigning themes and categories to the data and increasingly specific levels of analysis." Hayden explains how to perform this analysis, as well as how to incorporate other crucial data sources such as process maps and documentation. While I was familiar with this approach I had basically discounted it due to the prevailing mindset in the security metrics community. Now I will try to incorporate qualitative analysis into my metrics program.

ISM also succeeds by helping the reader focus on simple yet effective approaches such as Goal - Question - Metric.
22 people found this helpful.
Format: Kindle Edition Verified Purchase
I've been running a security program for over 10 years and once in a while a book or reference comes along that truly helps me in my work.

Lance Hayden's "IT Security Metrics" is one of those. My expectations were not terribly high as I've found most other metrics materials quickly devolve into near academic debate fodder. Thankfully in being able to preview a sample on the Kindle I was sold pretty quickly.

There is a prescriptive quality to the book that makes me stop as I'm reading to make notes and begin working on them. Despite his exhaustive academic background it seems Mr. Hayden also has very solid real-world experience and blends the two in a way that I do not often see. Therein lies the value of this book in my opinion. Rather than simply telling us how to continue to slog through the daily barrage, or taking a highly ethereal, idealistic high ground position, this book describes in practical terms how we as security practitioners can systematically improve.

More importantly Mr. Hayden puts this improvement process purely in the context of the business we are there to support. Far too often security authors seem indifferent to the business implications of the art that we practice.

If you are looking for an A to Z checklist, this isn't for you. If you are an experienced IT security person then the methods and approach Lance Hayden suggests will take immediate root. It quite simply makes sense. There are some books that I have to force myself to pick up, this is one of those that I have to force myself to put down.

My only suggestion to Mr. Hayden -- turn this into a workshop!
9 people found this helpful.
Format: Paperback
There are, as it turns out, more than a few books on security metrics, but only this one (and Andrew Jaquith's) are worth reading. This one is actually well-written, insightful AND useful - yes, all three. At times it goes into high concepts and methods (useful to know) and at times it is useful on a pretty much daily basis. If you plan to measure your security, get this book!
10 people found this helpful.
Format: Paperback Verified Purchase
A great reference on how to implement a security metrics project or program. My first of several books exploring this area.

It stands the test of time and is still used and re-read for sections when needed professionally.

It delivers as promised.
Format: Paperback Verified Purchase
In my search for a complete book on Information Security Metrics this was my third. I wish it was my first; it would have been the only one I needed. I couldn't put it down. Dr. Hayden's writing and messages are clear, well written, engaging, and downright USEFUL! Theory and real-world examples (from Cisco) are presented in a clear, engaging style. This book sits on my desk and I refer to it often as my Metrics program develops. If you need a book on this topic, this is THE ONE. Well Done!
4 people found this helpful.
Format: Paperback
Practicing information security in a large organization, it is very easy to get lost in the volumes and volumes of data. One of the strengths of Mr. Hayden's book is the proper placement of security metrics into the management of the organization. While it excellently covers the fundamental questions (What are good metrics? How should we analyze the data? What form should our process take?), it goes beyond that and advocates that security metrics unrelated or unattached to the business are not going to be successful in bending the curve, as they say, to improving the overall security posture of the organization. If all of the professional's focus is on compiling data in a vacuum without the context and business knowledge to make it meaningful to the security sponsor, it will be unread/unheeded (i.e. failure). I will further a point made earlier that the author takes up the Qualitative argument quite persuasively. In my professional opinion, considering that humans (i.e. employees) make up a significant part of any organization's security and that a reduction of their 'nature' to the purely quantitative is dubious, there has to be a place for the qualitative so long as it's logical and consistent.

Finally, I greatly appreciate the 'Further Reading' at the end of each section as it allows for a great exploration of the topic based on pre-qualified sources.

This book is a great professional asset.