Benchmarking-information security, Computer Network Security

Benchmarking

An alternative approach to risk management is benchmarking. It is the process of seeking out and studying practices in other organizations that one's own organization desires to duplicate. One of three measures is characteristically used to compare practices:

a) Metrics-based measures

b) Process-based measures

Metrics-based measures are comparisons based on numerical standards, such as:

- The number of successful attacks
- Staff hours spent on systems protection
- The dollars spent on protection
- Numbers spent on protection
- Estimated value in dollars of information lost in successful attacks
- Loss in productivity hours associated with successful attacks

Process-based measures are less focused on numbers and more strategic than metrics-based measures. They enable an organization to examine the activities an individual company performs in pursuit of its goals, rather than the specifics of how those goals are attained. There are several legal reasons. They are:

Standard of due care: when adopting levels of security for a legal defense, the organization shows it has done what any prudent organization would do in the same circumstances.

Due diligence: the demonstration that the organization is diligent in ensuring that the implemented standards continue to provide the needed level of protection. Failure to support a standard of care or diligence can leave the organization open to legal liability.

Best business practices: security efforts that provide a superior level of protection of information.

When considering best practices for adoption in an organization, consider:

•    Does the organization resemble the identified target with the best practice?

•    Are the resources at hand similar?

•    Is the organization in a similar threat environment?

Posted Date: 10/9/2012 2:25:03 AM | Location : United States






