Sign Up Now
Get instant access to over 1 million+ study documents
OR
Already registered? click here to login
By creating your account, you agree to our terms of service, privacy policy and student honor code.
¶ … security has become critical in almost all business functions since it can ensure that organizations conduct their businesses and deliver services to the public without any fear of threats or sabotage. The push towards securing organizational information has resulted in the need for developing better metrics for comprehending the actual state of a given organization's security infrastructure (Seddigh et al.,2004).The work of Vaugh, Henning and Siraj (2009,p.9) noted that the adoption of metrics or measures for reliable depiction of the information assurance level that is associated with a given software and hardware system is one of the unresolved problems in the field of security engineering.. In this paper, we evaluate whether devising metrics can really work for Information Assurance programs. We also find out if there is a need for taking additional steps in making sure that the metrics we are using are really measuring our IA programs and strategy.
The need for information assurance measures and metrics
The concepts of metrics and measures in regard to information assurance...
This means making IA a concept that ca be instrumented or measured (Henning et al.,2008). This approach can allows for a system's information assurance properties to be analyzed in a similar way in which the traditional software complexity, productivity measures as well as test case coverage is done. Information assurance must take into account information security, the quality of services as well as system availability. These measures and metrics can be treated as performance measures that are used in quantifying the effectiveness of a given organization's information security infrastructure. The work of Chew et al. (2006, p.10) defined the concept of performance measures as the indicators, metrics and statistics that are used in gauging the performance of a given program.
Can devising metrics really work?
The answer this question is no. This is because there is not a single successful metric or measure that can be used to quantify the level of assurance that exists in a given system (Vaugh, Henning…
References
Chew, E., Clay, A., Hash, J., Bartol, N., & Brown, A. (2006). Guide for developing performance metrics for information security: Recommendations of the National Institute of Standards and Technology. Gaithersburg, MD: U.S. Dept. Of Commerce, Technology Administration, National Institute of Standards and Technology. Retrieved October 23rd, 2012 from http://permanent.access.gpo.gov/lps72067/draft-sp800-80-ipd.pdf
Henning, RR et al. (2000) Information Assurance Metrics: Prophecy, Process, or Pipedream-Available online at http://csrc.nist.gov/nissc/2000/proceedings/papers/201.pdf
Seddigh, N et al. (2004).Current Trends and Advances in Information Assurance Metrics. Available online at http://solananetworks.com/documents/PST2004.pdf
Vaughn, RB., Henning, R., Siraj.,A (2003).Information Assurance Measures and Metrics- State of Practice and Proposed Taxonomy. Proceedings of the 36th Hawaii International Conference on System Sciences -- 2003
security and governance program is "a set of responsibilities and practices that is the responsibility of the Board and the senior executives." This is the procedures by which the company ensures information security in the organization. The program consists of desired outcomes, knowledge of the information assets, and process integration (ITGI, 2013). Security of information is important because of the value of information, especially proprietary, in today's business world.
Synopsis Because the majority of critical infrastructure components in the United States are privately owned, compliance with Department of Homeland Security risk assessment methods remains voluntary. Risk assessments of critical infrastructure focus on threat, vulnerability, and consequences, with all types of assessments integral to helping improve resilience and mitigate problems (GAO, 2017). A vulnerability analysis of the nation’s information technology critical infrastructure reveals several points of weakness and security gaps. The
(Gartenberg, 2005) Like all other aspects of business today, security systems often prove to be highly complex and hard (even for the participants) to identify. The culture of an organization is like the culture of a family, a community, or a nation: Because it surrounds the people in it they often have a great deal of difficulty in recognizing to what extent policies and procedures arise from the constraints of culture
Security Management The role of a security manager varies widely according to the particular organization and its needs, but despite this variety, there remain certain best practices and policies that can help maintain security and stability. This is nowhere more true than in the case of organizational loss, because while loss can mean widely different things depending on the field, the underlying theoretical concepts which inform attempts to minimize loss are
Despite these concerns however the world's largest companies still actively promote and routinely hype the value of cloud computing without mentioning the myriad of risk associated with this platform, despite its continual maturation from a security and stability standpoint [2]. An example of this is type of hype is when Microsoft's Steve Balmer described cloud computing as the next frontier and Dr. Ajei Gopal verified that the cloud is there
Security Information is the Power. The importance of collecting, storing, processing and communicating the relevant information presently is viewed as crucial in order to achieve success in almost all the fields be it business firms, individuals or organizations. An integrated set of components assisting collection, store, process and communication of information is termed as information system. Increasing dependence on information systems is noticed in order to excel in the respective fields