PRAGMATIC Security Metrics

Authors: W. Krag Brotby and Gary Hinson

The book is about how to create and assess security metrics and for whom to use them, but above all it argues that using them is worthwhile.

PRAGMATIC stands for:

  • Predictive
  • Relevant
  • Actionable
  • Genuine
  • Meaningful
  • Accurate
  • Timely
  • Independent
  • Cheap

And these are the criteria on which each indicator must be assessed.

My personal favorite is the first: Predictive. An indicator must be able to tell something about what can be expected in the near future. The second for me is Actionable, because an indicator must be able to provide a measure that can adjust the indicator. Meaningful is important because too often the owners of the indicators are disappointed: indicators that are too easy are made, which are quickly and easily measurable but tell us only a little about the security of the organization. Meaningful, in my view, is diametrically opposed to Cheap, which had to be “Complex”, because more complex indicators carry more information, but are more difficult to obtain, more difficult to interpret and therefore more expensive to use.

Accurate reminds me that indicators should preferably yield figures that are correct. A lot of discussion must be allowed, which is difficult when the indicators are not defined and/or measured accurately.

The seventh characteristic, Timely, reflects the natural point that management has no use for indicators that have already passed their time. This is also important for the predictive nature of the indicator.

The book opens with an office memorandum: the CEO of the company briefly asks the CSO to argue why Information Security is important, with an answer due ‘tomorrow’.

The book then begins with an indispensable chapter: it offers a lot of inspiration for making clear to the various target groups in the organization why working with Security Indicators is important, on top of the many other indicators, mainly financial ones, that they are already in the habit of using.

This is followed by chapters on, among other things, why we want to measure Security. This too can help convince people in the organization.

The next important chapter is Chapter 6, which gives us an introduction to the mnemonic PRAGMATIC. Ultimately, however, the reader is free to choose other criteria.

However, the main chapter is Chapter 7, which applies the PRAGMATIC criteria to 150+ indicators, with a discussion of each one of them. This is to immerse the reader in the principle of thinking according to these criteria.

The book then goes on to set up an Information Security Measurement System and the things that can be used for this. An introduction is given to Key Indicators and the disadvantages of metrics, and the practice is highlighted in, among other things, a chapter dealing with the case of the office memorandum from the beginning. This is followed by a not too complex conclusion. The book concludes with a reply from the CSO to the CEO’s question at the beginning of the book.
