AHFE Open AccessUsing Security Metrics to Determine Security Program Effectiveness
Abstract
Security objectives serve as the foundation for security metrics, which are used to guide decisions on how to increase the security of all parts engaged in providing services and processing data. Numerous data breaches are re-vealed each week, some of which may have affected tens or even hundreds of millions of people. Customers and regulators are both becoming more concerned about firms' information security procedures and their plans for preventing security breaches and protecting sensitive data. As a result, sever-al laws and regulations have been enacted to enhance cybersecurity risk management and to protect personal information that may be held or trans-mitted among businesses. The majority of these industry-specific and general data protection laws are complex, requiring ongoing oversight to maintain compliance throughout your business and the companies of your vendors. To gauge the effectiveness of and involvement in the usage of security con-trols, it is crucial to define a set of security metrics. A carefully defined set of metrics will help direct future security decisions and strengthen your or-ganization's security posture. In our study, we proposed to review security metrics to determine security program effectiveness for a company which is fictional for the scope of study. Firstly, we defined security metrics and their key indicators successfully. We discussed different scenarios for Trivest Technologies Limited company, which is fictional, we just used it for our scope of study. We successfully discussed, developed, and used KPIs, KRIs and KGIs; which are security metrics for the Trivest Technologies Limited company, and we found out that these security metrics help us determine the security program effectiveness for a company successfully. By implementation of its successful results, it also aligns with one of the United Nations Sustainable Development Goals i.e., 8th: Decent work and Economic Growth.
Keywords: Metrics, Security, UNSDGs, KPIs, KRIs, KGIs
DOI: 10.54941/ahfe1003720
Cite this paper
More from this volume
- Deployment of Ransomware Detection Using Dynamic Analysis and Machine Learning
- Keeping the human element to secure autonomous shipping operations
- Out of Sight but Still In Mind: Making ‘Invisible’ Cyber Threats More Salient Via Concrete Analogies
- Analysis of Risks to Data Privacy Throughout European Countries
- Maladaptive Behaviour in Phishing Susceptibility: How Email Context Influences the Impact of Persuasion Techniques
- The Effects of Cyber Readiness and Response on Human Trust in Self Driving Cars
- Social Engineering Penetration Testing within the OODCA Cycle – Approaches to Detect and Remediate Human Vulnerabilities and Risks in Information Security
- Bringing humans at the core of cybersecurity: Challenges and future research directions
- Enhancing practical cybersecurity skills: The ECSF and the CyberSecPro European efforts
- C.S. Technopoly: A Megagame for Teaching and Learning Cybersecurity
- Training the Trainers for Cybersecurity Exercises - Developing EXCON-teams
- Architectural Design for Secure Smart Contract Development