Join Mike Chapple for an in-depth discussion in this video Metrics and measurements, part of CySA+ Cert Prep: 4 Security Governance.
- [Narrator] Organizations evaluate their security programs…through the use of metrics, that assess the efficiency…and effectiveness of critical security controls.…These measurements provide insight into the health…of the security program, both at a single point in time…and over a long term basis.…It's critical that organizations define the metrics…and performance measurements they will use…in advance of reporting the data.…This ensures the integrity of the process…and prevents the cherry picking of favorable results…for reporting purposes.…
Security programs use two primary types of metrics…to demonstrate their effectiveness…and the state of the organization's security controls.…Key performance indicators or KPIs are metrics…that demonstrate the success of the security program…in achieving its objectives.…KPIs are mutually agreed upon measures…that evaluate whether a security program…is meeting its defined goals.…Generally speaking, KPIs are a look backwards…at historical performance.…
Providing a yardstick to evaluate the past success…
Author
Mike Chapple
Released
5/23/2018Want more CySA+ test prep tips? Visit certmike.com to join Mike's free study group.
We are a CompTIA Content Publishing Partner. As such, we are able to offer CompTIA exam vouchers at a 10% discount. For more information on how to obtain this discount, please download these PDF instructions.
- Security governance
- Security roles and responsibilities
- Security policies
- Complying with laws and regulations
- Auditing and assessing security
- Personnel security
- Security training
- Vendor management
Skill Level Intermediate
Duration
Views
-
Introduction
-
Welcome2m 26s
-
-
1. Security Governance
-
Organizational processes3m 13s
-
Control frameworks4m 52s
-
2. Security Policy
-
Security policy framework4m 40s
-
Security policies5m 16s
-
Account policies3m 35s
-
Password policies4m 50s
-
Data security policies5m 17s
-
Data security roles3m 30s
-
-
3. Regulatory Compliance
-
Privacy compliance4m 24s
-
Computer crimes1m 55s
-
Intellectual property4m 16s
-
Software licensing2m 28s
-
Data breaches2m 8s
-
4. Assessing Security Processes
-
Management review3m 14s
-
Metrics and measurements3m 18s
-
Audits and assessments5m 35s
-
Control management3m 37s
-
Maturity models3m 34s
-
-
5. Personnel Security
-
Employee security3m 4s
-
Employee termination process2m 42s
-
Employee privacy2m 23s
-
Social networking3m 52s
-
Personnel safety2m 31s
-
Employee development1m 35s
-
-
6. Awareness and Training
-
Compliance training3m 27s
-
User habits2m 47s
-
User-based threats1m 55s
-
Awareness program reviews1m 20s
-
7. Vendor Management
-
Vendor agreements3m 34s
-
Security as a service1m 29s
-
Conclusion
-
Next steps33s
-
Take notes with your new membership!
Type in the entry box, then click Enter to save your note.
Press on any video thumbnail to jump immediately to the timecode shown.
Notes are saved with you account but can also be exported as plain text, MS Word, PDF, Google Doc, or Evernote.
Share this video
Embed this video
Video: Metrics and measurements