Managing Security Measurement with a Security Improvement Program
I began discussing the Security Improvement Program (SIP) in the context of Security Process Management (SPM) in Chapter 4. The SIP is designed to contextualize and guide security measurement so that the metrics and data that result from particular efforts at measuring security operations are used strategically as well as tactically. In Figure 4-3 of that chapter, the SIP is shown as a string of security measurement projects that are connected over time. In this model, each project is part of a knowledge loop in which the efforts and results of the previous project are explicitly used to inform and guide the next project. Like many of the ideas in this book, this is by no means a revolutionary concept and is a central tenet of organizational knowledge management. But after years of managing and consulting on security, I've found that capturing and reusing this knowledge is not typically prioritized in security organizations. I've seen repeated security engagements that stretch over years in which the connections between the engagements, even those that are similar or repeated efforts, are never explored. Instead, these projects are just one more box on a checklist of annual activities that need to be completed, an attitude that speaks as much to problems with security vendors as it does to the companies engaging them.
IT Security Metrics
The Chapter 4 image of the SIP is overly simple in itself, focusing on the connections between repeated projects over time. A more accurate, but still very simple, expansion of this concept can be found in Figure 11-1, which shows the relationships among multiple projects during several years. In this visualization, a single security measurement project (SMP) conducted in 2007 leads to a repeat of the project in subsequent years, but it also spawns related projects that are specifically driven by the findings of the first. As more projects are added, the information flows between the projects increase, and the result begins to show the real complexity of holistic security practices. The most important aspects of the SIP concept are the arrows in the diagram, representing the knowledge relationships between individual projects. Projects are the way that things get done in an enterprise, but programs are the way that these efforts are made to represent something larger than the sum of the parts. In IT security measurement, SMPs can provide data and insights, but it is only through the programmatic approach of the SIP that these individual measurement efforts can be used to measure and manage security as a real business process.
[Diagram: SMP 2007, SMP 2008, SMP 2009 and related SMPs]
Figure 11-1 Expanded SIP concept with multiple SMPs over several years
Chapter 11: The Security Improvement Program
Governance of Security Measurement
What I am proposing in the SIP is a method of governance over your security metrics activities. Defining, managing, and improving the collaborations and connections between SMPs is different from operating those projects. Governance is about big picture management, and at an even larger level it is currently a hot-button topic in industry, as companies are increasingly being asked to be more accountable for the ways that they run their businesses by everyone from governments, to industry groups, to shareholders and customers. Governance is often associated with regulatory compliance and the management of public institutions or publicly traded corporations, but governance has a broader definition with regard to effective strategy development and execution. Nevertheless, as I noted earlier in this chapter, evidence shows that effective governance at a high level can have definite bottom-line impact on organizational effectiveness at all levels.
If you consider an individual SMP, such as those that I have described in the preceding chapters, you will find the goals, questions, and metrics that you use to define, limit, and bound the project. A main purpose of the GQM model is to create smaller, more manageable projects to avoid scope creep and to make the measurements and data involved in each project as meaningful and as specific as possible. In an SMP, you drill deep, but you do not focus broadly, which has advantages when you are exploring a security question in detail. But if you are trying to improve security across the complex and interrelated elements of enterprise-wide security, this focus on the specific can become a disadvantage if you have not thought about how you will pull all those results together. You will end up with a lot of interesting specialist data and information, but not much knowledge about what it means for managing organizational risks as a whole. The resulting uncertainties that exist between projects and measurement can produce significant risks.
Identifying a lot of dots is not the same thing as connecting those dots to create a meaningful picture. Worse, if all you know are your own dots, you may make the mistake of assuming that you have the complete picture when you really are taking a parochial view. Governance is about getting high enough above the details to see the patterns, risks, and opportunities that are not visible at the lower levels of detail. Governance, at heart, is about strategy and does not apply to any single thing. As you implement your security metrics program, you need to assess not only how you are measuring those aspects of security that you feel are important, but also how you decided what was important and how those decisions fit into your overall security strategy. I can't tell you how to prioritize your particular challenges or how to decide what is important to your organization beyond the most basic common sense advice. What I can tell you is that governance is about defining and documenting those decisions so that if anyone does ask, you aren't left looking like a deer in the headlights.
Defining what constitutes risk and security within an organization is one of those things that often may seem so basic that many people do not even bother to do it. Many security managers have been unable to give me a specific answer to the question, "What is your risk?" Of course, they have a lot of ideas about problems or challenges that they face, but not enough formal definition or analysis of those problems and challenges to begin to measure them to any degree of precision. The purpose of implementing a