TY  - BOOK
AU  - Michael Scheer
PY  - 2003
CY  - Hamburg, Deutschland
PB  - Diplom.de
SN  - 9783832467883
TI  - Development of an IT-Security Performance Measurement System
DO  - 10.3239/9783832467883
UR  - https://m.diplom.de/document/222142
N2  - Inhaltsangabe:Abstract:  Adequate security of information and the systems that process it is a fundamental management responsibility. Management must understand the current status of their IT-Security program in order to make informed decisions.  In this context, this Bachelor Thesis proposes a Performance Measurement System for IT-Security, which is designed to be well-balanced and comprehensive. It views IT-Security from four perspectives: Organisational, Financial, Operational and Personnel.  The documentation of the system contains the key figures and their interrelationships. With its modular design, it can either be used out-off-the-box or tailored to the specific requirements of the organisation.  Chapter 1 briefly discusses the reason for this Bachelor Thesis and introduces the problem statement. Chapter 2 explores the basic concepts behind both IT-Security and performance measurement. Chapter 3 covers general requirements, which are fundamental principles needed to be taken into consideration when building an IT-Security Performance Measurement System. Chapter 4 describes the approach taken for the design of the system. Chapter 5 introduces the Performance Measurement System for IT-Security.       Inhaltsverzeichnis:Table of Contents:  1.Introduction1  1.1Motivation1  1.2Problem Statement2  2.Theoretical Background3  2.1Performance Measurement4  2.1.1Definitions4  2.1.2Key Figures4  2.1.3The Balanced Scorecard6  2.2IT-Security7  2.2.1Goals of IT-Security7  2.2.2Security Policy9  2.2.3Incident Response10  2.3Risk Management11  2.3.1The Asset/Threat/Vulnerability/Safeguard Concept11  2.3.2Risk Assessment12  2.3.3Risk Mitigation13  2.4Existing Standards for IT-Security14  2.4.1Standards for Information Security Management14  2.4.2Standards for Evaluation15  2.4.3Standards for Development15  2.4.4Standards for a Common Terminology16  3.Requirements19  3.1General Requirements20  3.1.1Financial Requirements20  3.1.2Regulatory Requirements20  3.1.3Organisational Requirements20  3.1.4Requirements for Performance Measurement21  3.2Requirements at a Glance22  4.Development Approach23  4.1Top-Down vs. Bottom-Up23  4.1.1Top-Down23  4.1.2Bottom-Up24  4.1.3Comparison26  4.2Development Approach chosen26  5.Findings29  5.1Top-Down Findings30  5.1.1Generic Security Model30  5.1.2Self-Assessment Guide31  5.1.3Findings and Discussion34  5.2Bottom-Up Findings36  5.2.1List of Key Figures36  5.2.2Relationships38  5.3Meet in the Middle39  5.4Discussion of Key […]
KW  - balanced, scorecard, risk, management, security, incidents, figure, table, policy
LA  - Deutsch
ER  -