information security metrics dashboards and progress reports
DESCRIPTION
TRANSCRIPT
![Page 1: Information Security Metrics Dashboards and Progress Reports](https://reader033.vdocuments.mx/reader033/viewer/2022061220/54bc20224a7959336b8b4765/html5/thumbnails/1.jpg)
1
Representing Security Metrics in DashBoardsand Progress Reports
© Inovement and Vicente Aceituno 2013
![Page 2: Information Security Metrics Dashboards and Progress Reports](https://reader033.vdocuments.mx/reader033/viewer/2022061220/54bc20224a7959336b8b4765/html5/thumbnails/2.jpg)
2
Metrics Representation
Metrics are measurements that gain meaning from comparison with previous or equivalent measurements.
For example, “A kid’s height is 100cm” means nothing.
“The height of a kid is 100cm in while the height of more than 95% kids is age is 90cm or less” means he is TALL.
![Page 3: Information Security Metrics Dashboards and Progress Reports](https://reader033.vdocuments.mx/reader033/viewer/2022061220/54bc20224a7959336b8b4765/html5/thumbnails/3.jpg)
3
Metrics Representation
We get the most value from Metrics when we investigate the root causes for measurements that deserve our attention.
Correct representation of metrics can make obvious when a measurement deserves investigation.
Unfortunately, many representations of metrics hide meaning instead of highlighting it.
![Page 4: Information Security Metrics Dashboards and Progress Reports](https://reader033.vdocuments.mx/reader033/viewer/2022061220/54bc20224a7959336b8b4765/html5/thumbnails/4.jpg)
4
Metrics Representation
There are 15 main metrics for a process or a control.
It is not practical to represent every metric for every control or process in an ISMS when there is a large number of controls.
It is therefore necessary to choose and find a compact way to represent metrics in order to gain situational awareness.
Note: The canonical list of security metrics will be published early 2014 in a white paper.
![Page 5: Information Security Metrics Dashboards and Progress Reports](https://reader033.vdocuments.mx/reader033/viewer/2022061220/54bc20224a7959336b8b4765/html5/thumbnails/5.jpg)
5
Metrics Representation
The interpretation of a metric always renders one or several of the following meanings:
Current Value: Normal or Abnormal. Satisfactory or Unsatisfactory.
Trend: Better or Worse. Increase or Decrease.
A good use of color and arrows can represent this in a compact a visually evident way.
Telling issues to investigate from those that require urgent attention evident brings added value to the dasboard.
![Page 6: Information Security Metrics Dashboards and Progress Reports](https://reader033.vdocuments.mx/reader033/viewer/2022061220/54bc20224a7959336b8b4765/html5/thumbnails/6.jpg)
6
Metrics Representation Some metrics correlate with value, some not,
for example; Without value:
Number of drops in a firewall. Fewer drops doesn’t we are not being attacked.
Number of viruses cleaned. More viruses cleaned doesn’t mean systems are cleaner.
With value: Backups performed. The more backups, the more
data can be recovered. Authorized logins successful. When authorized
people can login, they can work.
![Page 7: Information Security Metrics Dashboards and Progress Reports](https://reader033.vdocuments.mx/reader033/viewer/2022061220/54bc20224a7959336b8b4765/html5/thumbnails/7.jpg)
7
Metrics Representation When a metric does not correlate with value we have
the following meanings: Current Value:
Normal or Abnormal. Trend:
Increase or Decrease.
When a metric correlates with value we have the following meanings:
Current Value: Satisfactory or Unsatisfactory.
Trend: Better or Worse.
![Page 8: Information Security Metrics Dashboards and Progress Reports](https://reader033.vdocuments.mx/reader033/viewer/2022061220/54bc20224a7959336b8b4765/html5/thumbnails/8.jpg)
8
Metrics Representation
When a metric is not about value it can be represented using a square.
When a metric is about value it can be represented using a circle.
![Page 9: Information Security Metrics Dashboards and Progress Reports](https://reader033.vdocuments.mx/reader033/viewer/2022061220/54bc20224a7959336b8b4765/html5/thumbnails/9.jpg)
9
Metrics Representation
Normal / Abnormal is a distinction that can be represented using Blue (Normal), Grey (Abnormal) and Black (Abnormal) for urgent Action.
Satisfactory / Unsatisfactory is a distinction that can be represented using Green (Satisfactory), Yellow (Unsatisfactory) and Red (Unsatisfactory) for urgent Action.
![Page 10: Information Security Metrics Dashboards and Progress Reports](https://reader033.vdocuments.mx/reader033/viewer/2022061220/54bc20224a7959336b8b4765/html5/thumbnails/10.jpg)
10
Increase / Decrease trends is a distinction that can be represented using an arrow colored depending if the trend makes the current situation likely to stay.
Better / Worse trends is a distinction that can be represented using an arrow colored depending if the trend makes the current situation likely to stay.
Metrics Representation
![Page 11: Information Security Metrics Dashboards and Progress Reports](https://reader033.vdocuments.mx/reader033/viewer/2022061220/54bc20224a7959336b8b4765/html5/thumbnails/11.jpg)
11
Metrics Representation
The direction of the arrow indicates the type of change.
The color of the arrow indicates what that means.
A straight up or down arrow indicates the need for urgent action.
Examples:
![Page 12: Information Security Metrics Dashboards and Progress Reports](https://reader033.vdocuments.mx/reader033/viewer/2022061220/54bc20224a7959336b8b4765/html5/thumbnails/12.jpg)
12
Metrics Representation
Exercise: Guess what the following mean:
![Page 13: Information Security Metrics Dashboards and Progress Reports](https://reader033.vdocuments.mx/reader033/viewer/2022061220/54bc20224a7959336b8b4765/html5/thumbnails/13.jpg)
13
Metrics Representation
Solution:
Abnormal, Increasing towards Normal, Urgent Action
Abnormal, Decreasing towards Normal
Normal, Decreasing
Unsatisfactory, Getting better, Urgent Action
Satisfactory, Getting worse
Unsatisfactory, Getting worse fast, Urgent Action
![Page 14: Information Security Metrics Dashboards and Progress Reports](https://reader033.vdocuments.mx/reader033/viewer/2022061220/54bc20224a7959336b8b4765/html5/thumbnails/14.jpg)
14
Metrics Representation
To summarize, any Security Metrics work is incomplete unless the representation of metrics in DashBoards and Progress Reports makes the meaning as obvious as possible.
It is possible to use colors and shapes to highlight meaning in a very compact way.
![Page 15: Information Security Metrics Dashboards and Progress Reports](https://reader033.vdocuments.mx/reader033/viewer/2022061220/54bc20224a7959336b8b4765/html5/thumbnails/15.jpg)
15
Learn to implement High Performance Security Management Processes http://cli.gs/ism3
Web www.inovement.esVideo Blog youtube.com/user/vaceitunoBlog ism3.comTwitter twitter.com/vaceitunoPresentationsslideshare.net/vaceituno/presentations
Articles slideshare.net/vaceituno/documents