Development of an IT-Security Performance Measurement System

ISBN/EAN: 9783838667881
Umbreit no.: 6161244

Language: German
Extent: 88 pp.
Dimensions in cm: 0.7 x 21 x 14.8
Binding: paperback

Published on 11.05.2003
Edition: 1/2003
€ 74,00
(including VAT)
Available for delivery within 1 - 2 weeks
  • Additional text
    • Synopsis (abstract): Adequate security of information and the systems that process it is a fundamental management responsibility. Management must understand the current status of their IT-Security program in order to make informed decisions. In this context, this Bachelor Thesis proposes a Performance Measurement System for IT-Security, which is designed to be well-balanced and comprehensive. It views IT-Security from four perspectives: Organisational, Financial, Operational and Personnel. The documentation of the system contains the key figures and their interrelationships. With its modular design, it can either be used out-of-the-box or tailored to the specific requirements of the organisation. Chapter 1 briefly discusses the reason for this Bachelor Thesis and introduces the problem statement. Chapter 2 explores the basic concepts behind both IT-Security and performance measurement. Chapter 3 covers general requirements, which are fundamental principles needed to be taken into consideration when building an IT-Security Performance Measurement System. Chapter 4 describes the approach taken for the design of the system. Chapter 5 introduces the Performance Measurement System for IT-Security.
    • Table of Contents:
      1. Introduction
        1.1 Motivation
        1.2 Problem Statement
      2. Theoretical Background
        2.1 Performance Measurement
          2.1.1 Definitions
          2.1.2 Key Figures
          2.1.3 The Balanced Scorecard
        2.2 IT-Security
          2.2.1 Goals of IT-Security
          2.2.2 Security Policy
          2.2.3 Incident Response
        2.3 Risk Management
          2.3.1 The Asset/Threat/Vulnerability/Safeguard Concept
          2.3.2 Risk Assessment
          2.3.3 Risk Mitigation
        2.4 Existing Standards for IT-Security
          2.4.1 Standards for Information Security Management
          2.4.2 Standards for Evaluation
          2.4.3 Standards for Development
          2.4.4 Standards for a Common Terminology
      3. Requirements
        3.1 General Requirements
          3.1.1 Financial Requirements
          3.1.2 Regulatory Requirements
          3.1.3 Organisational Requirements
          3.1.4 Requirements for Performance Measurement
        3.2 Requirements at a Glance
      4. Development Approach
        4.1 Top-Down vs. Bottom-Up
          4.1.1 Top-Down
          4.1.2 Bottom-Up
          4.1.3 Comparison
        4.2 Development Approach chosen
      5. Findings
        5.1 Top-Down Findings
          5.1.1 Generic Security Model
          5.1.2 Self-Assessment Guide
          5.1.3 Findings and Discussion
        5.2 Bottom-Up Findings
          5.2.1 List of Key Figures
          5.2.2 Relationships
        5.3 Meet in the Middle
        5.4 Discussion of Key []