Authors: W.Krag Brotby and Gary Hinson
The book is about how to make security metrics, assess, for whom to use them, but above all that it is useful to use them.
PAGMATIC stands for:
- Predictive
- Relevant
- Actionable
- Genuine
- Meaningful
- Accurate
- Timely
- Independent
- Cheap
And these are the criteria on which each indicator must be assessed.
My personal favorite is the first: Predictive. An indicator must be able to tell something about what can be expected in the near future. The second is Actionable for me, because an indicator must be able to provide a measure that can adjust the indicator. Meaningful is important, because too often the owners of the indicators are disappointed, because too easy indicators are made, which are quickly and easily measurable, but tell us only a little bit about the security of the organization. Meaningful, in my view, is diametrically opposed to Cheap, which had to be “Complex”, because more complex indicators carry more information, but are more difficult to obtain, more difficult to interpret and therefore more expensive to use.
Accurate then reminds me of the fact that indicators best yield figures that are correct. A lot of discussion must be allowed, which is difficult when the indicators are not defined and / or measured accurate.
The seventh characteristic, Timely, indicates the natural characteristic that the management has no message from indicators that have already passed their time. This is also important for the predictive nature of the indicator.
The book opens with an office memorandum: the CEO of the company briefly asks the CSO to argue why Information Security is important. An answer that is due ‘tomorrow’.
The book then begins with a chapter that is indispensable: a lot of inspiration to make clear to the various target groups in the organization why working with Security Indicators is important, besides the fact that they already have the habit to use many other indicators, mainly financially.
This is followed by chapters on amongst other things, why we want to measure Security. This too can be motivating to help convince people in the organization.
The next important chapter is Chapter 6, which gives us an introduction to the mnemonic PRAGMATIC. Ultimately, however, the reader is free to choose other criteria.
However, the main chapter is claimed in Chapter 7 by applying the PRAGMATIC criteria to 150+ indicators, with a discussion of each one of them. This is to immerse the reader in the principle of thinking according to these criteria.
Then the book goes on to set up an Information Security Measurement System and the things that can be used for this. An introduction is given in Key Indicators, the disadvantages of metrics, and the practice is highlighted in, among other things, a chapter dealing with the case of the office memorandum in the beginning. This is followed by a not too complex conclusion. The book concludes with a reply from the CSO to the CEO’s question at the beginning of the book.
Appreciation to my father who informed me concerning this weblog, this weblog is truly amazing.
my web site; itil certification
hello there and thank you for your information ? I’ve definitely picked up anything new from right here.
I did however expertise some technical points
using this web site, as I experienced to reload the web site a lot of times previous to I could get it to load correctly.
I had been wondering if your hosting is OK? Not that I’m complaining, but slow loading instances times will sometimes affect your placement in google and can damage
your quality score if ads and marketing with Adwords. Well I am adding this RSS to my email and can look out for a lot more of your respective exciting content.
Make sure you update this again soon.
my site … certiport certification, Angeline,
First of all I would like to say great blog! I had a quick question which I’d
like to ask if you don’t mind. I was interested to find out how you center yourself and clear
your mind before writing. I’ve had difficulty clearing my thoughts
in getting my ideas out. I truly do enjoy writing however it just
seems like the first 10 to 15 minutes are generally lost just trying
to figure out how to begin. Any suggestions or hints? Kudos!
Also visit my webpage; seeking oracle certification (Arletha)
Post writing is also a fun, if you be acquainted with afterward you can write or
else it is complex to write.
Feel free to surf to my site :: certification test (Hope)
Does your blog have a contact page? I’m having problems locating it
but, I’d like to shoot you an e-mail. I’ve got some suggestions for your blog you might be interested in hearing.
Either way, great blog and I look forward to seeing it
expand over time.
Also visit my site :: personal trainer certification; Blondell,
Appreciation to my father who stated to me
about this blog, this weblog is really amazing.
Also visit my website :: telecom certifications (Karma)
You’re so interesting! I don’t believe I’ve truly read through a
single thing like this before. So wonderful to find somebody with a few original thoughts on this
subject. Seriously.. thanks for starting this up. This site is something that is required on the internet, someone with
some originality!
Here is my web blog – prepare sap certification
Way cool! Some extremely valid points! I appreciate you writing this article and
the rest of the website is really good.
my homepage: pmp exam (Reda)
I am just writing to make you know of the awesome discovery my wife’s child enjoyed using your
webblog. She came to understand lots of details, including what it’s like to have an ideal helping character to let many people very easily understand some grueling things.
You really did more than her desires. Thanks for distributing such warm and friendly, dependable, explanatory and easy tips about your
topic to Kate.
Feel free to visit my site nortel exams Preparation
hello there and thank you for your information ? I’ve certainly picked up
something new from right here. I did however expertise
create a multiple choice exam (Francis) few technical points using this web site, since
I experienced to reload the web site many times previous to I could get it to load correctly.
I had been wondering if your web host is OK? Not that I am complaining, but slow loading
instances times will often affect your placement in google and could damage your quality score if ads and marketing with Adwords.
Well I’m adding this RSS to my email and could look out for a
lot more of your respective intriguing content. Ensure that you update this again soon.
Hello, i feel that i noticed you visited my web site thus i came to ?go back the prefer?.I am attempting to find
issues to enhance my web site!I assume its ok to use a few of your concepts!!
Feel free to surf to my webpage … mblex practice exams