Abstract

Imagine you are an information security manager and your boss is asking: “How secure are our information systems? Is the security getting better or worse? How do you know that?” One thing is sure: if you do not have a good answer, your own job may not be secure. You could answer that you are monitoring intrusion attempts and investigating alarms, that you are updating the anti-virus software on a regular basis and applying software patches on a timely basis, but that was not the question. Your boss wants to know not only what you have done to lower the risk, but how effective you have been. It is all about process, measurements, and trend monitoring.1
