© Scott E. Donaldson, Stanley G. Siegel, Chris K. Williams, Abdul Aslam 2018
Scott E. Donaldson, Stanley G. Siegel, Chris K. Williams and Abdul Aslam, Enterprise Cybersecurity Study Guide, https://doi.org/10.1007/978-1-4842-3258-3_20

Cybersecurity Capability Value Scales

Scott E. Donaldson (1), Stanley G. Siegel (2), Chris K. Williams (3) and Abdul Aslam (3)
(1) Falls Church, Virginia, USA
(2) Potomac, Maryland, USA
(3) San Diego, California, USA

Overview

  • This appendix provides example Object Measurement (OM) observed data value scale definitions for 113 cybersecurity capabilities.
    • Grouped by 11 functional areas
    • Minimum and maximum numeric values from 0.00 to 1.00, but scales can accommodate any numeric range
    • Tick marks with plain language descriptions to help associate an enterprise’s vocabulary with measurement activities
    • No single set of terms (that is, numeric values and tick-mark labels) defines value scales
  • In the end, an enterprise needs meaningful measurements.
  • Meaningful here means “the enterprise uses the measurements, in part, to determine whether and where cybersecurity needs to be improved.”

Topics

  • This appendix contains value scales for each of 113 cybersecurity capabilities, grouped into 11 functional areas:
    • Systems Administration
    • Network Security
    • Applications Security
    • Endpoint, Server, and Device Security
    • Identity, Authentication, and Access Management
    • Data Protection and Cryptography
    • Monitoring, Vulnerability, and Patch Management
    • High Availability, Disaster Recovery, and Physical Protection
    • Incident Response
    • Asset Management and Supply Chain
    • Policy, Audit, E-Discovery, and Training

Systems Administration


Network Security


Application Security


Endpoint, Server, and Device Security


Identity, Authentication, and Access Management


Data Protection and Cryptography


Monitoring, Vulnerability, and Patch Management


High Availability, Disaster Recovery, and Physical Protection


Incident Response


Asset Management and Supply Chain


Policy, Audit, E-Discovery, and Training (PAET)
