Benchmarking-information security, Computer Network Security

Assignment Help:

Benchmarking

An alternative approach to risk management is Benchmarking. It is process of seeking out and studying practices in other organizations which one’s own organization desires to duplicate. One of three measures characteristically used to compare practices:

a) Metrics based measures

b) Process based measures

Metrics based measures are comparisons which are based on numerical standards, such as

-  The numbers of successful attacks
-  Staff hours which are spent on systems protection
-  The dollars which are spent on protection
- Numbers spent on protection
-  Estimated value in dollars of information lost in successful attacks
- Lose in productivity hours associated with the successful attacks

Process-based measures are less focused on numbers and more strategic than Metrics based measures. It enables organization to examine activities an individual company performs in pursuit of its goals instead of the specific of how goals are attained. There are several legal reasons. They are:

Standard of due care: when adopting levels of security for the legal defense, organization shows it has done what any prudent organization would do in same circumstances.

Due diligence: demonstration that organization is diligent in ensuring which implemented standards continue to provide needed level of protection. Failure to support standard of care or diligence can leave organization open to legal liability.

Best business practices: security efforts which provide a superior level protection of information.

While considering best practices for adoption in an organization, consider:

•    Does organization resembles identified target with best practice?

•    Are resources at hand similar?

•    Is organization in a alike threat environment?


Related Discussions:- Benchmarking-information security

Rsa block and vernam stream ciphers, RSA Block and Vernam Stream Ciphers ...

RSA Block and Vernam Stream Ciphers This assignment involves writing two small Python scripts and a report. Before you start you must download the ?le summarysheets.zip from th

Configure a router from command line interface, QUESTION (a) Describe ...

QUESTION (a) Describe the difference between static routing and dynamic routing algorithms. (b) List four functions that are performed by the Cisco IOS software during b

Malicious node detection mechanisms, Many applications are vulnerable to in...

Many applications are vulnerable to intrusion attacks and can provide misleading reports about misbehaving nodes. Some of the mechanisms under such a category include the Bayesian

Using Technology as Experience Framework, Write a two to three (2-3) page p...

Write a two to three (2-3) page paper in which you: Explain how the Web user interfaces help donors to make decisions. Relate the emotional thread demonstrated in the case study to

What is information-information security, What is information Informatio...

What is information Information comprises the meanings and interpretations which people place upon the facts, or data. The value of information springs from the ways it can be i

What is meant by certificate revocation, QUESTION (a) Which PKI (Public...

QUESTION (a) Which PKI (Public Key Infrastructure) model is typically favored by business organization? (b) Give one possible use of the "extensions" field of an X.509 certi

Develop firewall rules, Question requires you to develop firewall rules bas...

Question requires you to develop firewall rules based on a fictitious organisation. Scenario: You work for a security-conscious company, xC-Cure, who develop encryption tec

Systems development life cycle security-information security, The Role of t...

The Role of the Investigation The first phase, investigation is the most significant. What problem is the system being developed to solve? During investigation phase, objectives

Hashing, Hashing is the transformation of a string of characters into a g...

Hashing is the transformation of a string of characters into a generally shorter fixed-length key or a value that presents the original string. Hashing is used to index and retri

Vulnerability scanners, VULNERABILITY SCANNERS Active vulnerability scan...

VULNERABILITY SCANNERS Active vulnerability scanners scan networks for detailed information, it initiate traffic to determine security holes. This scanner identifies usernames a

Write Your Message!

Captcha
Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd