- Home
- Products
- Integration
- Tutorial
- Barcode FAQ
- Purchase
- Company
IT Security Metrics in Software
IT Security Metrics Encode QR Code ISO/IEC18004 In None Using Barcode encoder for Software Control to generate, create QR Code image in Software applications. Read QR Code In None Using Barcode scanner for Software Control to read, scan read, scan image in Software applications. Figure 9-5 Generating QR Code In C#.NET Using Barcode maker for Visual Studio .NET Control to generate, create Denso QR Bar Code image in Visual Studio .NET applications. QR Code Printer In .NET Framework Using Barcode creator for ASP.NET Control to generate, create QR Code image in ASP.NET applications. Quality Companion process mapping interface
QR Generation In Visual Studio .NET Using Barcode creator for Visual Studio .NET Control to generate, create QR Code image in VS .NET applications. Encoding QR Code In Visual Basic .NET Using Barcode creation for Visual Studio .NET Control to generate, create Denso QR Bar Code image in .NET framework applications. Figure 9-6 Encoding EAN 13 In None Using Barcode generator for Software Control to generate, create EAN13 image in Software applications. Paint Bar Code In None Using Barcode creation for Software Control to generate, create barcode image in Software applications. Quality Companion process chart for patch management process activities
Encode Data Matrix 2d Barcode In None Using Barcode generation for Software Control to generate, create Data Matrix image in Software applications. Print ANSI/AIM Code 128 In None Using Barcode generation for Software Control to generate, create Code 128B image in Software applications. 9: Barcode Generation In None Using Barcode creator for Software Control to generate, create barcode image in Software applications. Creating Code 3 Of 9 In None Using Barcode drawer for Software Control to generate, create Code 39 image in Software applications. Measuring Security Cost and Value
UPC-E Supplement 5 Maker In None Using Barcode printer for Software Control to generate, create UPCE image in Software applications. Paint GS1-128 In Objective-C Using Barcode generation for iPhone Control to generate, create USS-128 image in iPhone applications. activities and integrate them with Minitab statistical software so that a metrics team can conduct exploratory, analytical, or experimental projects to help improve their operational activities At this point, the director was content with the simple reduction of some of the uncertainties regarding the company s patch-management process Code 39 Extended Encoder In Objective-C Using Barcode drawer for iPhone Control to generate, create Code 39 Full ASCII image in iPhone applications. European Article Number 13 Printer In None Using Barcode drawer for Word Control to generate, create UPC - 13 image in Office Word applications. Supporting Decision-Making with the Business Process Mapping Results
Code 39 Full ASCII Drawer In Java Using Barcode maker for Java Control to generate, create Code39 image in Java applications. Generating Barcode In .NET Using Barcode creator for VS .NET Control to generate, create bar code image in .NET applications. Beyond the immediate finding by the project team that the patch management process had no single owner, the data that emerged from the mapping exercise was instructive in helping the director understand why the process was inefficient With duties split among several people, none of whom were assigned patching as a primary job responsibility, the coordination that took place among them was not enough to overcome the fact that patching was understaffed The patching virtual team shared monitoring and evaluation duties, communicating primarily via e-mail Security advisories were picked up pretty quickly, but evaluation of the advisories and their impact on the company could take days as the team researched and communicated back and forth In some cases, no patch was available and alternative processes for ensuring security were kicked off until a patch was released Once a patch was obtained, it required testing before rollout, and at this stage of the process, the most significant delays were introduced Patch testing required dedicated lab time and the virtual team members were often too busy with other activities or projects to begin the tests immediately Altogether, the amount of time dedicated by the company to this task was one full-time equivalent employee across the five members of the virtual team The resulting delays as the team members found time to test the patches in queue could result in delays of two weeks or more before a decision could be made on rolling out the patch to production systems When a patch failed testing, this delay could increase even more as the team had to research alternatives and look for other mechanisms of securing affected systems Once testing was complete, the delays diminished as the members of the team were able to work with system owners to implement the patches as part of their normal duties Rollout was usually completed within a week, giving system owners sufficient time to identify any issues resulting from the patch One major discrepancy identified by the mapping exercise concerned the documentation of the patching efforts and the updating of appropriate configuration standards This activity was required by the company s security policy, but the project team found that in most cases the required updates to the standards were not completed within months of the rollout, and in some cases they had never been documented This oversight could be attributed to the staff members involved in patching quickly moving back to their normal duties after patching was complete every patching team member described feeling that patching was about getting the critical tasks off the plate and moving on quickly to other priorities Using the insights from the business process analysis pilot, the director began making more informed decisions about how to improve the process He changed the job descriptions within the security team to assign one individual full-time patching responsibilities and put that person in charge of coordinating the virtual team EAN13 Decoder In .NET Using Barcode recognizer for .NET Control to read, scan read, scan image in .NET framework applications. UCC - 12 Maker In .NET Using Barcode creation for VS .NET Control to generate, create UCC - 12 image in Visual Studio .NET applications. IT Security Metrics
He also used the project data as a justification for more headcount, showing the CIO that the inefficiencies in the security processes were not the result of poor operations but of a lack of sufficient resources that was putting the company at risk of a major virus outbreak or an attack on vulnerable systems Most certainly, the measurements conducted during this project led into subsequent measurement projects One follow-on project was to design an experiment around the assignment of the single point of responsibility for the patching process After implementing the change, process data was be reevaluated periodically to determine whether reductions resulted in the calendar durations of any activities Should such reductions be achieved, analysis could be conducted to determine whether those reductions were the result of the changes to the process or of random chance This is another area where the features of Quality Companion and similar process analysis tools can be put to use
|
|