Development of an IT-Security Performance Measurement System
Abstract:
Adequate security of information and the systems that process it is a fundamental management responsibility. Management must understand the current status of their IT-Security program in order to make informed decisions.
In this context, this Bachelor Thesis proposes a Performance Measurement System for IT-Security, which is designed to be well-balanced and comprehensive. It views IT-Security from four perspectives: Organisational, Financial, Operational and Personnel.
The documentation of the system contains the key figures and their interrelationships. With its modular design, it can either be used out-of-the-box or tailored to the specific requirements of the organisation.
Chapter 1 briefly discusses the reason for this Bachelor Thesis and introduces the problem statement. Chapter 2 explores the basic concepts behind both IT-Security and performance measurement. Chapter 3 covers general requirements, which are fundamental principles that need to be taken into consideration when building an IT-Security Performance Measurement System. Chapter 4 describes the approach taken for the design of the system. Chapter 5 introduces the Performance Measurement System for IT-Security.
Table of Contents:
1. Introduction
1.1 Motivation
1.2 Problem Statement
2. Theoretical Background
2.1 Performance Measurement
2.1.1 Definitions
2.1.2 Key Figures
2.1.3 The Balanced Scorecard
2.2 IT-Security
2.2.1 Goals of IT-Security
2.2.2 Security Policy
2.2.3 Incident Response
2.3 Risk Management
2.3.1 The Asset/Threat/Vulnerability/Safeguard Concept
2.3.2 Risk Assessment
2.3.3 Risk Mitigation
2.4 Existing Standards for IT-Security
2.4.1 Standards for Information Security Management
2.4.2 Standards for Evaluation
2.4.3 Standards for Development
2.4.4 Standards for a Common Terminology
3. Requirements
3.1 General Requirements
3.1.1 Financial Requirements
3.1.2 Regulatory Requirements
3.1.3 Organisational Requirements
3.1.4 Requirements for Performance Measurement
3.2 Requirements at a Glance
4. Development Approach
4.1 Top-Down vs. Bottom-Up
4.1.1 Top-Down
4.1.2 Bottom-Up
4.1.3 Comparison
4.2 Development Approach chosen
5. Findings
5.1 Top-Down Findings
5.1.1 Generic Security Model
5.1.2 Self-Assessment Guide
5.1.3 Findings and Discussion
5.2 Bottom-Up Findings
5.2.1 List of Key Figures
5.2.2 Relationships
5.3 Meet in the Middle
5.4 Discussion of Key [...]