Sponsored Links
-->
UnlabelledInformation security indicators

Monday, April 9, 2018

- -

IT Security KPIs Example - YouTube
src: i.ytimg.com

In information technology, benchmarking of computer security requires measurements for comparing both different IT systems and single IT systems in dedicated situations. The technical approach is a pre-defined catalog of security events (security incident and vulnerability) together with corresponding formula for the calculation of security indicators that are accepted and comprehensive.

Information security indicators have been standardized by the ETSI Industrial Specification Group (ISG) ISI. These indicators provide the basis to switch from a qualitative to a quantitative culture in IT Security Scope of measurements: External and internal threats (attempt and success), user's deviant behaviours, nonconformities and/or vulnerabilities (software, configuration, behavioural, general security framework).

The list of Information Security Indicators belongs to the ISI framework that consists of the following eight closely linked Work Items:

  1. ISI Indicators (ISI-001-1 and Guide ISI-001-2): A powerful way to assess security controls level of enforcement and effectiveness (+ benchmarking)
  2. ISI Event Model (ISI-002): A comprehensive security event classification model (taxonomy + representation)
  3. ISI Maturity (ISI-003): Necessary to assess the maturity level regarding overall SIEM capabilities (technology/people/process) and to weigh event detection results. Methodology complemented by ISI-005 (which is a more detailed and case by case approach)
  4. ISI Guidelines for event detection implementation (ISI-004): Demonstrate through examples how to produce indicators and how to detect the related events with various means and methods (with classification of use cases/symptoms)
  5. ISI Event Stimulation (ISI-005): Propose a way to produce security events and to test the effectiveness of existing detection means (for major types of events)
  6. An ISI-compliant Measurement and Event Management Architecture for Cyber Security and Safety (ISI-006, in preparation): This work item focuses on designing a cybersecurity language to model threat intelligence information and enable detection tools interoperability.
  7. ISI Guidelines for building and operating a secured SOC (ISI-007, in preparation): A set of requirements to build and operate a secured SOC (Security Operations Center) addressing technical, human and process aspects.
  8. ISI Description of a whole organization-wide SIEM approach (ISI-008, in preparation): A whole SIEM (CERT/SOC based) approach positioning all ISI aspects and specifications.

Preliminary work on information security indicators have been done by the French Club R2GS. The first public set of the ISI standards (security indicators list and event model) have been released in April 2013.


Video Information security indicators



References


Maps Information security indicators



External links

  • Official ISI webportal
  • ETSI ISI flyer
  • ISI Quick Reference Card
  • ISI events Quick Reference Card
  • Club R2GS portal

Source of the article : Wikipedia

Comments
0 Comments
Subscribe to: Post Comments (Atom)