PRAGMATIC Security Metrics: Applying Metametrics to Information Security


Posted on by Ben Rothke

Like all books on metrics, PRAGMATIC Security Metrics: Applying Metametrics to Information Security states early on that “you can't manage what you can't measure”.

The authors claim that other books on information security metrics discuss number theory and statistics in academic terms. This title promises to be light on mathematics and heavy on utility, and is meant as a how-to-do-it guide for security metrics.

As to the title, PRAGMATIC is an acronym for the basis of the book's method: using metrics that are predictive, relevant, actionable, genuine, meaningful, timely, independent and cost.

After reading the first chapter, PRAGMATIC Security Metrics: Applying Metametrics to Information Security looks like it may live up to its promise of using metrics not only to track and report performance but also to identify problem areas and opportunities, and to drive information security improvements. If so, this could be the metrics book a lot of information security professionals have been waiting for.

Full review to follow


Contributors
Ben Rothke

Senior Information Security Manager, Tapad


Blogs posted to the RSAConference.com website are intended for educational purposes only and do not replace independent professional judgment.  Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA® Conference, RSA Security LLC or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.
