Metrics and Analysis in Security Management

May 1, 2012
The use of metrics and analysis (MA) is a sophisticated practice in security management that takes advantage of data to produce usable, objective information and insights that guide decisions. In addition, MA provides chief security officers (CSOs) with clear evidence of their operations’ value, expressed in the language of top management. This paper synthesizes the current MA literature in the security management field. It describes the use of metrics and analysis to improve decision making, strengthen security operations and gain support for the security and risk management operation. It then describes the process of developing specific metrics, collecting and managing data and performing useful analyses with security risk-focused software.
