Sbathu2
Home Work 9
652645479
Dark Knight
Problems 2.7.4-2.7.5
7.4 Download and review NIST SP 800-55 Rev. 1, Performance Measurement Guide for
Information Security. Using this document, identify five NEW measures you would
be interested in finding the results from based on your home computing systems
and/or case study network.
Solution:
Based on our case study, I would be interested in finding the results for the following
five new measures.
a. The percentage of servers within a system with a standard configuration
b. The percentage of server failure incidents
c. The percentage of system components that undergo maintenance on schedule
d. The impact of scheduled awareness and training programs on the number of security-related incidents
e. The percentage of the agency's information system budget devoted to information security
7.5 Using the template provided in Table 7-2 in the book, develop documentation for
each of the performance measures you selected in the above.
Solution:
| ID | Goal | Measure | Type | Frequency | Responsible parties | Data Source | Reporting Format |
|---|---|---|---|---|---|---|---|
| 1 | To ensure secure that organization is using standard system components | The percentage of servers within a system with a standard configuration. | Implementation | Quarterly collection and reporting | Information owner: IT maintenance personnel; Information collector: IT maintenance personnel; Information customer: security executives like CISO, CSO | System maintenance report | Table with individual components information and pie charts comparing standardized components as a part of total components |
| 2 | To identify the root cause for server downtime and minimize the downtime | The percentage of server failure incidents | Efficiency | Bi-weekly collection frequency | Information owner: Incident Report Manager; Information collector: Incident Manager; Information customer: security executives like CISO, CSO | Incident reports | Time series charts |
| 3 | To ensure that system is maintained at regular intervals with latest security patches and protections that are standard in the specific industry | The percentage of system components that undergo maintenance on schedule | Efficiency | Monthly collection and reporting frequency | Information owner: Information Tech Maintenance; Information collector: Information Tech Maintenance; Information customer: security executives like CISO, CSO | System Maintenance Report | Pie Charts |
| 4 | To ensure that work force is equipped with knowledge related to info-sec related operations | The impact of scheduled awareness and training programs on the number of security-related incidents | Efficiency and Implementation | Quarterly collection and reporting | Information owner: Training Manager; Information collector: Training Manager; Information customer: security executives like CISO, CSO | Data related to training and awareness of employees | |
| 5 | To ensure that adequate amount of budget is allocated to info-sec related activities and functions | The percentage of the agency's information system budget devoted to information security | Impact | Semi-annual collection and reporting | Information owner: CISO; Information collector: CISO; Information customer: CSO/CISO | Semi-annual budget allocation report | Bar Graph or Pie Charts |

Sreenivas Bathula