Metrics

These metrics represent a mapping of the enterprise information protection model to practices circa 2005. They are still useful in measuring but the standards are potentially different from what would reasonably be expected today.

• Introduction to the metrics
• Overview of the protection program
• Business Models
• Duty To Protect
• Business Risk Management
• Management Architecture
• Policy
• Standards - ISO-17799
• Standards - GAISP
• Standards - CMM-Sec
• Standards - COBIT
• Standards - COSO
• Standards - CISWG
• Standards Rollup
• Procedures
• Personnel
• Legal
• Technical Safeguards - Informational
• 7.3.7-Technical Safeguards - Physical
• Incident Handling
• Audit
• Knowledge
• Awareness
• Documentation
• Organizational Perspectives Roll-up
• Protection Objectives
• Access Controls
• Functional Units
• Perimeters
• Access Process
• Change Control
• Techincal Security Architecture - Context
• Lifecycles - Business
• LifeCycles - People
• LifeCycles - Systems
• Lifecycles - Data
• Data States
• Attack and Defense Process
• Workflow
• Protective Mechanisms
• Overall Rollup