Page 171 - DCAP309_INFORMATION_SECURITY_AND_PRIVACY

Unit 12: Security Metrics and Privacy




              Understand security matrix and security metrics classification
              Explain the concept of privacy
              Understand business issue in privacy
              Discuss privacy vs security
              Identify related terms for privacy
              Understand information privacy principles

          Introduction

          A metric refers to a system of dimension that depends on quantifiable procedures. Useful metrics
          point to the degree to which protection goals, like data confidentiality, are being met, and they
          drive measures taken to improve an organization’s overall security program. Privacy can be
          described as exercising control over what access others have to private aspects of ourselves,
          such as information privacy. In this unit, you will understand various concepts of security
          metrics and privacy.

          12.1 Introduction to Security Metrics


          Good metrics are those that are elegant, i.e. specific, quantifiable, attainable, repeatable, and time
          reliant. Dimensions offer single-point-in-time views of specific, discrete factors, while metrics
          are derived by comparing two or more dimensions taken over time against a prearranged baseline.
          Dimensions are produced by counting; metrics are produced from analysis.
          In other words, dimensions are objective raw data and metrics are either objective or subjective
          human interpretations of those data. The method of dimension that is employed should be
          reproducible, and should attain a similar result when performed independently by different
          competent evaluators. The result should also be repeatable, so that a second evaluation
          by the original team of evaluators generates the same result. A method of dimension used to
          find out the unit of a quantity could be a measuring instrument, a reference material, or a
          measuring system. The dimension of an information system for security involves applying
          a method of dimension to one or more parts of the system that have a measurable security
          property so as to obtain a considered value. Dimensions should be timely and applicable to the
          organization.

          Self Assessment

          Fill in the blanks:
          1.   A ........................ refers to a system of dimension that depends on quantifiable procedures.
          2.   ........................ offer single-point-in-time views of specific, discrete factors, while metrics
               are derived by comparing two or more dimensions taken over time against a prearranged
               baseline.

          12.2 Basics


          12.2.1 Background

          The phrase “security metrics” is used frequently today, but with a series of meanings and
          explanations. “Metrics are tools intended to facilitate decision making and recover performance
          and accountability during collection, analysis, and reporting of pertinent performance-associated




                                           LOVELY PROFESSIONAL UNIVERSITY                                   165