Covering information security metrics, this book provides practical advice on how to specify, develop, use, and maintain a more meaningful and useful system of metrics. It provides guidance on using metrics to identify problem areas and drive security improvements. With a focus on measurement, the author discusses metrics that support an information security management system that complies with ISO/IEC 27001. The text introduces capability maturity metrics that can be used to measure and drive continuous improvement in information security. It also introduces the PRAGMATIC mnemonic to help practitioners choose better metrics
Includes bibliographical references (pages 483-485) and index