Purpose:

As security managers and professionals, we're increasingly being asked to justify investment in security processes and initiatives. The board / senior management want to understand: is our investment in IS security paying its way?

As yet there are no standard approaches to providing metrics able to answer such questions, but the pressure is on to respond.

The purpose of this education day is to provide you with a 'toolkit' of concepts and methods to assist you to develop and present credible and effective security metrics to your organisation.

 

Suggested learning outcomes:

  1. Appreciate the different purposes and goals of security metrics
  2. Understand techniques that can (and that shouldn't) be applied
  3. Gain a practical insight into development of security metrics
  4. Have an understanding of emerging standards
  5. Have knowledge of security metrics presentation techniques for different purposes

Suggested programme:

10.00-10.30 Plenary – Howard Page (War stories, scene setting)

10.30-11.10 Gary Hinson (techniques, e.g. measure vs correlate)
11.10-11.30 Tea Break
11.30-12.00 Ron Segal (measuring things hard to measure)
12.00-12.30 Set scene for workshop (Gary)
12.30-13.00 Lunch (and discuss scenario)
13.00-13.45 Workshop syndicates and presentations (Gary)
13.45-14.10 Howard Page (Practical experiences at SSC)
14.10-14.30 Tea Break
14.30-15.10 Alisdair McKenzie / Gary (emerging standards)
15.10-16.00 Presenting security metrics (?)
16.00-16.30 Closing Remarks, Board Review, Panel Discussion

16.30-Close After-match function