Part I: Why Security Metrics
Chapter 1 Why Measure Security?
Chapter 2 Why Now Security Metrics Are Needed Now
Part II: Essential Components of an Effective Security Metrics Practitioner
Chapter 3 Analytics
Chapter 4 Commitment to Project Management
Part III: Decide What to Measure
Chapter 5 Identify Core Competencies, Information Security Work, and Resourcing Options
Chapter 6 Identify Targets
Part IV: Get Started
Chapter 7 Defining Project Objectives
Chapter 8 Define Your Priorities
Chapter 9 Identify Key Messages and Key Audiences
Chapter 10 Obtain Buy-In from Stakeholders
Part V: Toolkit
Chapter 11 Automation
Chapter 12 Analysis Technology and a Case Study
Part VI: Creating the Best Environment for Healthy Metrics
Chapter 13 Define a Communications Strategy
Chapter 14 Create and Drive an Action Plan: The Importance of Project Management
Part VII: Secret Sauce: Lessons Learned from an Enterprise Practitioner
Chapter 15 Improving Data Quality and Presentation
Chapter 16 Resourcing Security Metrics Projects
Part VIII: Looking Forward
Chapter 17 Security Metrics for Cloud Computing
Part IX: Appendix and Glossary
Appendix A Templates and Checklists
Glossary
Index