Metrics for the objectives
A few example metrics that would allow you to see whether you are meeting the
objectives might be as follows:
• Guarantee good custodianship of customer data. You would count security
incidents involving customer data to measure success in this objective.
• Maintain a good reputation with regard to security. You would count
incidents and findings that could cause reputational harm to measure and
maintain success in this objective.
• Segregation of Duties required to authorize and disburse funds. You would
count the number of Segregation of Duties violations.
• Minimize time between End of Employment and Revocation of Accounts.
You would measure the latency between the HR transaction and the
transaction in the security system.
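One way to compute the last of these metrics, as an added example that is not part of the original text: it joins constructed HR end-of-employment records to constructed identity-system disable events, reports the latency distribution, and flags accounts that exceed an assumed four-hour target or were never revoked at all.

```python
from datetime import datetime, timedelta
from statistics import median

# Constructed sample records (not from the page): HR end-of-employment
# timestamps and the matching account-disable events from the identity system.
HR_TERMINATIONS = {
    "u1001": "2024-03-01T17:00:00",
    "u1002": "2024-03-01T17:00:00",
    "u1003": "2024-03-02T09:30:00",
    "u1004": "2024-03-03T12:00:00",
}
ACCOUNT_REVOCATIONS = {
    "u1001": "2024-03-01T17:20:00",  # revoked 20 minutes after HR transaction
    "u1002": "2024-03-04T08:00:00",  # revoked after the weekend (63 hours)
    "u1003": "2024-03-02T10:00:00",  # revoked after 30 minutes
    # u1004 has no revocation event: the account is still live
}

SLA = timedelta(hours=4)  # assumed policy target, not a value from the text


def revocation_latency(hr_events, iam_events):
    """Return (latency per user, users with no revocation event)."""
    latencies, unrevoked = {}, []
    for user, ended in hr_events.items():
        revoked = iam_events.get(user)
        if revoked is None:
            unrevoked.append(user)  # the worst case: never revoked
            continue
        latencies[user] = datetime.fromisoformat(revoked) - datetime.fromisoformat(ended)
    return latencies, unrevoked


def summarize(hr_events, iam_events, sla=SLA):
    """Metric summary a security executive could track month over month."""
    latencies, unrevoked = revocation_latency(hr_events, iam_events)
    minutes = [v.total_seconds() / 60 for v in latencies.values()]
    return {
        "terminated": len(hr_events),
        "median_latency_minutes": median(minutes) if minutes else None,
        "max_latency_minutes": max(minutes) if minutes else None,
        "over_sla": sorted(u for u, v in latencies.items() if v > sla),
        "unrevoked": sorted(unrevoked),
    }


if __name__ == "__main__":
    for key, value in summarize(HR_TERMINATIONS, ACCOUNT_REVOCATIONS).items():
        print(f"{key}: {value}")
```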
Perspectives from standard bodies and professional institutions
As part of briefing the security executives, it is worth reviewing how this domain
is described by their peers and professional institutions.
IT Governance Institute
In 2001, ITGI published Information Security Governance: Guidance for Boards
of Directors and Executive Management.
Information Security governance is a subset of enterprise governance that provides
strategic direction, ensures objectives are achieved, manages risk appropriately,
uses organizational resources responsibly, and monitors the success or failure of the
enterprise security program.
ISO 17799
Information security is characterized within ISO 17799 as the preservation of:
Confidentiality: Ensuring that information is accessible only to those
authorized to have access to it
Integrity: Safeguarding the accuracy and completeness of information
and processing methods
Availability: Ensuring that authorized users have access to information
and the associated assets when required