Development of an IT-Security Performance Measurement System

eBook
ISBN/EAN: 9783832467883
Umbreit no.: 6010473

Language: German
Extent: 83 pp., 0.62 MB
Format in cm:
Binding: Not specified

Published on 12.05.2003
Edition: 9/2003


E-Book
Format: PDF
DRM: None
€ 74,00
(including VAT)
Available immediately
  • Additional text
    • Summary: Abstract: Adequate security of information and the systems that process it is a fundamental management responsibility. Management must understand the current status of their IT-Security program in order to make informed decisions. In this context, this Bachelor Thesis proposes a Performance Measurement System for IT-Security, which is designed to be well-balanced and comprehensive. It views IT-Security from four perspectives: Organisational, Financial, Operational and Personnel. The documentation of the system contains the key figures and their interrelationships. With its modular design, it can either be used out-of-the-box or tailored to the specific requirements of the organisation. Chapter 1 briefly discusses the reason for this Bachelor Thesis and introduces the problem statement. Chapter 2 explores the basic concepts behind both IT-Security and performance measurement. Chapter 3 covers general requirements, which are fundamental principles needed to be taken into consideration when building an IT-Security Performance Measurement System. Chapter 4 describes the approach taken for the design of the system. Chapter 5 introduces the Performance Measurement System for IT-Security.
    • Table of Contents:
      1. Introduction
      1.1 Motivation
      1.2 Problem Statement
      2. Theoretical Background
      2.1 Performance Measurement
      2.1.1 Definitions
      2.1.2 Key Figures
      2.1.3 The Balanced Scorecard
      2.2 IT-Security
      2.2.1 Goals of IT-Security
      2.2.2 Security Policy
      2.2.3 Incident Response
      2.3 Risk Management
      2.3.1 The Asset/Threat/Vulnerability/Safeguard Concept
      2.3.2 Risk Assessment
      2.3.3 Risk Mitigation
      2.4 Existing Standards for IT-Security
      2.4.1 Standards for Information Security Management
      2.4.2 Standards for Evaluation
      2.4.3 Standards for Development
      2.4.4 Standards for a Common Terminology
      3. Requirements
      3.1 General Requirements
      3.1.1 Financial Requirements
      3.1.2 Regulatory Requirements
      3.1.3 Organisational Requirements
      3.1.4 Requirements for Performance Measurement
      3.2 Requirements at a Glance
      4. Development Approach
      4.1 Top-Down vs. Bottom-Up
      4.1.1 Top-Down
      4.1.2 Bottom-Up
      4.1.3 Comparison
      4.2 Development Approach chosen
      5. Findings
      5.1 Top-Down Findings
      5.1.1 Generic Security Model
      5.1.2 Self-Assessment Guide
      5.1.3 Findings and Discussion
      5.2 Bottom-Up Findings
      5.2.1 List of Key Figures
      5.2.2 Relationships
      5.3 Meet in the Middle
      5.4 Discussion of Key []