Organizations evaluate their security programs through the use of metrics that assess the efficiency and effectiveness of critical security controls. In this video, learn how security leaders assess their programs on a regular basis using consistent security metrics.
- [Instructor] Organizations evaluate their security programs through the use of metrics that assess the efficiency and effectiveness of critical security controls. These measurements provide insight into the health of a security program, both at a single point in time and on a long-term basis. It's critical that organizations define the metrics and performance measurements they will use in advance of reporting the data. This ensures the integrity of the process and prevents the cherry-picking of favorable results for reporting purposes.
Security programs use two primary types of metrics to demonstrate their effectiveness and the state of the organization's security controls. Key performance indicators, or KPIs, are metrics that demonstrate the success of the security program in achieving its objectives. KPIs are mutually agreed-upon measures that evaluate whether a security program is meeting its defined goals. Generally speaking, KPIs are a look backwards at historical performance, providing a yardstick to evaluate…
Find the companion study books at the Sybex test prep site and review the complete CISSP Body of Knowledge at https://www.isc2.org/cissp-domains/default.aspx.
Note: This course is part of a series releasing throughout 2018. A completed Learning Path of the series will be available once all the courses are released.
- Using security assessment tools
- Scanning for vulnerabilities
- Threat assessment techniques
- Performing penetration testing
- Reviewing monitor logs
- Performing code reviews
- Performing fuzz testing and misuse case testing
- Analyzing coverage
- Assessing disaster recovery sites and backups
- Testing BC/DR plans
- Collecting security process data and metrics
- Auditing and control management