By
Gerald Kovacich, CFE, CPP, CISSP, Certified Fraud Examiner, Certified Protection Professional, and Certified Information Systems Security Professional, Washington, USA
Edward Halibozek, MBA, Former Corporate VP of Security for a Fortune 100 company, Los Angeles, CA, USA
Description
Security metrics is the application of quantitative, statistical, and/or mathematical analyses to measuring security functional trends and workload. In other words, it tracks what each function is doing in terms of level of effort (LOE), costs, and productivity. Security metrics management is the managing of an assets protection program and related security functions through the use of metrics. It can be used wherever managerial tasks need support, for such purposes as backing the security professional's position on budget matters, justifying the cost-effectiveness of decisions, determining the impact of downsizing on service and support to customers, etc.
Security Metrics Management is designed to provide basic guidance to security professionals so that they can measure the costs of their assets protection program (their security program) as well as its successes and failures. It includes a discussion of how to use the metrics to brief management, justify budgets, and use trend analyses to develop a more efficient and effective assets protection program.
Audience:
PRIMARY MARKET: Security Managers, Security Consultants, other Security Professionals
SECONDARY MARKET: Students in security and business programs