# Shared Flashcard Set

## Details

J - SES-602 - Module 10 - Metrics
N/A
25
Computer Networking
11/29/2011

## Additional Computer Networking Flashcards

Term
 Practical/useful security metrics have the following basic characteristics:
Definition
 • easy to connect to concept of security
 • transparent data gathering process
 • supports security decision-making
Term
 What is measurement?
Definition
 The process of mapping from the empirical world to the formal, relational world. The measure that results characterizes an attribute of some object under scrutiny. Note: Information Security is not the object, nor a well-understood attribute, which means you are not directly measuring security; you are measuring other things and drawing conclusions about security from them.
Term
Definition
 Attributes that can be measured before the outcome is clear.
Term
 Lag Indicators
Definition
 Attributes that can only be measured after the fact.
Term
 Key Goal Indicators (KGI)
Definition
 Attributes whose measures indicate whether a goal(s) has been met. Since they can only be measured after the fact, they are lag indicators.
Term
 Key Performance Indicators (KPI) or just Performance indicators
Definition
 Attributes whose measures indicate whether goals are likely to be met. Since they can be measured before the outcome is clear, they are lead indicators.
Term
 International Standard for Designing/Managing Security Metrics (Process)
Definition
 1. Plan 2. Do 3. Check 4. Act
Term
 Types of measure numbers
Definition
 1. Nominal (exists, doesn't exist) 2. Ordinal (order: high, medium, low) 3. Interval (order and quantity) 4. Ratio
Term
 Criteria for Security Metrics (nine things)
Definition
 • Valid: data supports a hypothesis that system is secure
 • Accurate: data reflects the content of measurement as it was envisioned
 • Numeric: data can be precisely quantified
 • Correct: data is collected according to specifications
 • Consistent: measure is independent of measurer
 • Time-based: there is a fixed reference point of data collection
 • Replicable: measurement repeated in same manner in same environment will yield same result
 • Unit-based: data may be expressed in terms of a unit
 • Informative: data provides information without additional context
Term
 Rules for Evaluation of Metrics
Definition
 • Any metric that is not accurate or not valid is weak
 • Any metric that is accurate and valid is at least neutral
 • Any metric that is accurate, valid, informative, and time-based is strong
Term
 What are the four types of metrics?
Definition
 1. Activity 2. Target 3. Remediation 4. Monitor
Term
 Activity Metric (definition)
Definition
 Metrics that measure work activity, e.g., incidents reported via email.
Term
 Target Metrics (definition)
Definition
 Metrics that have a measurable target (e.g., no missing logs).
Term
 Remediation Metrics (definition)
Definition
 Metrics that show progress toward a goal, e.g., % of systems that have been converted to a new operating system.
Term
 Monitor Related Metrics
Definition
 Metrics that monitor processes, e.g., the number of changes vs the number of changes authorized, or the percent of password reset calls where the staff followed (and/or documented) process.
Term
 Link Indexes to Security Data
Definition
 Common Indexes cannot be expected to exist in different realms and different management domains. Expectations for linkage must be articulated.
Term
 Creating/Using Metrics (end to end process)
Definition
 • Start with known data on environment
 • Quantify or otherwise represent unknowns
 • Link control-relevant data to known data
 • Anticipate decision requirements
 • Design presentations for use in decisions
Term
 Risk Assessment Caveats
Definition
 • Vulnerabilities != Exploits
 • Threats != Exploits
 • Vulnerabilities + Threats != Exploits
 • Vulnerabilities + Threats allow Exploits
 • Exploits != Damage
 • Exploits + Service/Data/Financial Loss = Damage
 • Controls minimize probability of Exploits
Term
 Vulnerability
Definition
 A weakness which allows an attacker to reduce a system's information assurance. It is the result of a system bug or flaw and must be accessible by an attacker.
Term
 Threat
Definition
 A possible danger that might exploit a vulnerability to breach security and thus cause possible harm.
Term
 Exploit
Definition
 A piece of software, a chunk of data, or sequence of commands that takes advantage of a bug, glitch or vulnerability in order to cause unintended or unanticipated behavior to occur on computer software, hardware, or something electronic (usually computerised). This frequently includes such things as gaining control of a computer system or allowing privilege escalation or a denial-of-service attack.
Term
 Traditional Risk Assessment Approach
Definition
 • Identify Assets within Scope
 • Determine Threats, Risks, Concerns, and Issues Related to Assets
 • Prioritize the Risk According to System and Information Importance
 • Determine the Threat Level of the Assets
 • Determine Known Vulnerabilities of the Assets
Term
 Risk Analysis process
Definition
 The science of risks and their probability and evaluation.
Term
 Risk Management focuses on the following four areas
Definition
 1. Compliance, e.g., total population vs population in compliance. 2. Organizational Structure, e.g., show compliance across different organizational populations. 3. Automation, e.g., automated collection of data. 4. Trends (often used to depict data beyond the control of management).
Term
 Remediation Management focuses on the following:
Definition
 1. Quality: Actual number of known vulnerabilities (as opposed to the number of systems scanned for vulnerabilities) 2. Process: control points from process directly correlated to measured activity. 3. Accountability: What was the root cause? 4. Implementation: Recognizes systemic issues and acts.