Shared Flashcard Set

Details

J - SES-602 - Module 10 - Metrics
N/A
25
Computer Networking
Graduate
11/29/2011


Cards

Term
Practical/useful security metrics have the following basic characteristics:
Definition

• easy to connect to concept of security
• transparent data gathering process
• supports security decision-making

Term
What is measurement?
Definition

The process of mapping from the empirical world to the formal, relational world. The measure that results characterizes an attribute of some object under scrutiny.

Note: Information Security is not the object, nor a well-understood attribute, which means you are not directly measuring security; you are measuring other things and drawing conclusions about security from them.

Term
Lead Indicators
Definition
Attributes that can be measured before the outcome is clear.
Term
Lag Indicators
Definition
Attributes that can only be measured after the fact.
Term
Key Goal Indicators (KGI)
Definition
Attributes whose measures indicate whether a goal (or goals) has been met. Since they can only be measured after the fact, they are lag indicators.
Term
Key Performance Indicators (KPI) or just Performance indicators
Definition
Attributes whose measures indicate whether goals are likely to be met. Since they can be measured before the outcome is clear, they are lead indicators.
Term
International Standard for Designing/Managing Security Metrics (Process)
Definition

1. Plan

2. Do

3. Check

4. Act

Term
Types of measure numbers
Definition

1. Nominal (exists, doesn't exist)

2. Ordinal (order: high, medium, low)

3. Interval (order and quantity)

4. Ratio

Term
Criteria for Security Metrics (nine things)
Definition

Valid: data supports a hypothesis that system is secure
Accurate: data reflects the content of measurement as it was envisioned
Numeric: data can be precisely quantified
Correct: data is collected according to specifications
Consistent: measure is independent of measurer
Time-based: there is a fixed reference point of data collection
Replicable: measurement repeated in same manner in same environment will yield same result
Unit-based: data may be expressed in terms of a unit
Informative: data provides information without additional context

Term
Rules for Evaluation of Metrics
Definition

• Any metric that is not accurate or not valid is weak
• Any metric that is accurate and valid is at least neutral
• Any metric that is accurate, valid, informative, and time-based is strong

Term
What are the four types of metrics?
Definition

1. Activity

2. Target

3. Remediation

4. Monitor

Term
Activity Metric (definition)
Definition
Metrics that measure work activity, e.g., incidents reported via email.
Term
Target Metrics (definition)
Definition
Metrics that have a measurable target (e.g., no missing logs).
Term
Remediation Metrics (definition)
Definition

Metrics that show progress toward a goal, e.g., % of systems that have been converted to a new operating system.

 

Term
Monitor Related Metrics
Definition
Metrics that monitor processes, e.g., the number of changes vs. the number of changes authorized, or the percent of password reset calls where the staff followed (and/or documented) the process.
Term
Link Indexes to Security Data
Definition
Common Indexes cannot be expected to exist in different realms and different management domains.
Expectations for linkage must be articulated.
Term
Creating/Using Metrics (end to end process)
Definition

• Start with known data on environment
• Quantify or otherwise represent unknowns
• Link control-relevant data to known data
• Anticipate decision requirements
• Design presentations for use in decisions

Term
Risk Assessment Caveats
Definition

Vulnerabilities != Exploits
Threats != Exploits
Vulnerabilities + Threats != Exploits
Vulnerabilities + Threats allow Exploits
Exploits != Damage
Exploits + Service/Data/Financial Loss = Damage
Controls minimize probability of Exploits

Term
Vulnerability
Definition
A weakness which allows an attacker to reduce a system's information assurance. It is the result of a system bug or flaw and must be accessible by an attacker.
Term
Threat
Definition
A possible danger that might exploit a vulnerability to breach security and thus cause possible harm.
Term
Exploit
Definition
A piece of software, a chunk of data, or sequence of commands that takes advantage of a bug, glitch or vulnerability in order to cause unintended or unanticipated behavior to occur on computer software, hardware, or something electronic (usually computerised). This frequently includes such things as gaining control of a computer system or allowing privilege escalation or a denial-of-service attack.
Term
Traditional Risk Assessment Approach
Definition

• Identify Assets within Scope
• Determine Threats, Risks, Concerns, and Issues Related to Assets
• Prioritize the Risk According to System and Information Importance
• Determine the Threat Level of the Assets
• Determine Known Vulnerabilities of the Assets

Term
Risk Analysis process
Definition
The science of risks and their probability and evaluation.
Term
Risk Management focuses on the following four areas
Definition

1. Compliance, e.g., total population vs population in compliance.

2. Organizational Structure, e.g., show compliance across different organizational populations

3. Automation, e.g., automated collection of data

4. Trends (often used to depict data beyond the control of management)

Term
Remediation Management focuses on the following:
Definition

1. Quality: Actual number of known vulnerabilities (as opposed to the number of systems scanned for vulnerabilities)

2. Process: control points from process directly correlated to measured activity.

3. Accountability: What was the root cause?

4. Implementation: Recognizes systemic issues and acts.
