
Sreenivas Bathula

Sbathu2

Home Work 9

652645479
Dark Knight

Problems 2.7.4-2.7.5
7.4 Download and review NIST SP 800-55 Rev. 1, Performance Measurement Guide for
Information Security. Using this document, identify five NEW measures you would
be interested in finding the results from based on your home computing systems
and/or case study network.
Solution:
Based on our case study, I would be interested in finding the results for the following
five new measures.
a. The percentage of servers within a system with a standard configuration
b. The percentage of server failure incidents
c. The percentage of system components that undergo maintenance on schedule
d. The impact of scheduled awareness and training programs on the number of security related incidents
e. The percentage of the agency's information system budget devoted to information security

7.5 Using the template provided in Table 7-2 in the book, develop documentation for
each of the performance measures you selected in the above.
Solution:
| ID | Goal | Measure | Type | Frequency | Responsible parties | Data Source | Reporting Format |
|---|---|---|---|---|---|---|---|
| 1 | To ensure that the organization is using standard system components | The percentage of servers within a system with a standard configuration | Implementation | Quarterly collection and reporting | Information owner - IT maintenance personnel; Information collector - IT maintenance personnel; Information customer - security executives like CISO, CSO | System maintenance report | Table with individual components information and pie charts comparing standardized components as a part of total components |
| 2 | To identify the root cause for server downtime and minimize the downtime | The percentage of server failure incidents | Efficiency | Biweekly collection frequency | Information owner - Incident Report Manager; Information collector - Incident Manager; Information customer - security executives like CISO, CSO | Incident reports | Time series charts |
| 3 | To ensure that system is maintained at regular intervals with latest security patches and protections that are standard in the specific industry | The percentage of system components that undergo maintenance on schedule | Efficiency | Monthly collection and reporting frequency | Information owner - Information Tech Maintenance; Information collector - Information Tech Maintenance; Information customer - security executives like CISO, CSO | System Maintenance Report | Pie Charts |
| 4 | To ensure that work force is equipped with knowledge related to info-sec related operations | The impact of scheduled awareness and training programs on the number of security related incidents | Efficiency and Implementation | Quarterly collection and reporting | Information owner - Training Manager; Information collector - Training Manager; Information customer - security executives like CISO, CSO | Data related to training and awareness of employees | |
| 5 | To ensure that adequate amount of budget is allocated to info-sec related activities and functions | The percentage of the agency's information system budget devoted to information security | Impact | Semi-annual collection and reporting | Information owner - CISO; Information collector - CISO; Information customer - CSO/CISO | Semi-annual budget allocation report | Bar Graph or Pie Charts |
