{"title":"Effective Operational Security Metrics","authors":"J. Ravenel","doi":"10.1201/1086.1065898X/46183.15.3.20060701/94183.3","DOIUrl":null,"url":null,"abstract":"Abstract Security professionals are constantly being asked to justify every security project. Security risks and projects can often be difficult to measure and even more difficult to understand by people outside the department. The key to demonstrating improvement and value is to translate security information into business terms. This being the case, the ability to identify the type, quantity, frequency, audience, and presentation of appropriate security metrics can increase the value of a CISO or security professional from the perspective of the management team.","PeriodicalId":36738,"journal":{"name":"Journal of Information Systems Security","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2006-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"11","resultStr":"{\"title\":\"Effective Operational Security Metrics\",\"authors\":\"J. Ravenel\",\"doi\":\"10.1201/1086.1065898X/46183.15.3.20060701/94183.3\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Abstract Security professionals are constantly being asked to justify every security project. Security risks and projects can often be difficult to measure and even more difficult to understand by people outside the department. The key to demonstrating improvement and value is to translate security information into business terms. 
This being the case, the ability to identify the type, quantity, frequency, audience, and presentation of appropriate security metrics can increase the value of a CISO or security professional from the perspective of the management team.\",\"PeriodicalId\":36738,\"journal\":{\"name\":\"Journal of Information Systems Security\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2006-07-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"11\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Journal of Information Systems Security\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1201/1086.1065898X/46183.15.3.20060701/94183.3\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q4\",\"JCRName\":\"Social Sciences\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Information Systems Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1201/1086.1065898X/46183.15.3.20060701/94183.3","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"Social Sciences","Score":null,"Total":0}
Abstract: Security professionals are constantly being asked to justify every security project. Security risks and projects can often be difficult to measure and even more difficult to understand by people outside the department. The key to demonstrating improvement and value is to translate security information into business terms. This being the case, the ability to identify the type, quantity, frequency, audience, and presentation of appropriate security metrics can increase the value of a CISO or security professional from the perspective of the management team.