Using metrics and KPIs to monitor information security performance
This is not a real-time monitoring tool so much as a management tool for assessing the effectiveness of an information security program. It is part of the optimization and alignment process and helps document the proper governance of technology investments.
Metrics and KPIs are measurements with pre-determined threshold (target) values that help determine whether the goals assigned to processes and activities have actually been achieved.
Creating metrics from the log reports generated by security systems and sensors, and from measurements derived from security processes (relative to a baseline)
Metrics are generally obtained by collecting a series of measurements, which are interpreted either as a trend over a time period (frequencies) or against a baseline of performance goals. A metric relates to a set of activities rather than to a discrete one-time event. We aim to introduce excellence in the design and management of security systems through quantitative analysis and defect discovery.
A maturity-level approach to security policies can incorporate COBIT.
Key drivers can be strategic (for example, upper management anticipates that better training in password/key management, evidenced by a significant drop in forgotten-password incidents, will diminish the risk of data loss)
or tactical (for example, failed login attempts: distinguishing a break-in attempt from poor password management).
We help you establish a security metrics monitoring program that addresses the following key considerations:
-quality of implementation of security policies
-impact of measures on the availability / confidentiality / integrity of information systems operations
-analysis of data from IT systems on adherence to rules, policies and procedures, in order to determine compliance with the security policies
-evaluating the effectiveness of policies and security controls for risk management
-conducting trend analysis to identify areas in which security practices and tools are deficient
-developing quantitative methods to assess the maturity level of security processes and of the entire infosec program, covering training, certification,
-establishing a repository of collected data on the security condition of systems, to serve as a tool for future strategic planning and for tactical threat/anomaly correlation
Establishing a methodology to collect data and measurements from operational systems and deployed security applications,
Building a log monitoring infrastructure
Hadoop
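The tactical driver above (failed login attempts: break-in attempt versus poor password management) and the idea of deriving metrics from sensor-generated log reports, as an added worked example that is not part of the original page: a short Python script that parses constructed OpenSSH-style auth log lines, computes a failed-login KPI against a target threshold, and classifies each source address by the pattern of its failures. The log lines, the thresholds (max_users, max_failures, the 10% target rate) and all function names are assumptions chosen for illustration, not values from the page.

```python
import re
from collections import defaultdict

# Constructed sample lines in OpenSSH syslog format (not real data).
# 10.0.0.5: one user fails twice, then succeeds -> looks like a forgotten password.
# 203.0.113.9: many different usernames, all failing -> looks like a break-in attempt.
SAMPLE_LOG = """\
Mar  3 09:01:12 host sshd[1201]: Failed password for alice from 10.0.0.5 port 51022 ssh2
Mar  3 09:01:40 host sshd[1203]: Failed password for alice from 10.0.0.5 port 51023 ssh2
Mar  3 09:02:05 host sshd[1205]: Accepted password for alice from 10.0.0.5 port 51024 ssh2
Mar  3 09:10:01 host sshd[1300]: Failed password for invalid user admin from 203.0.113.9 port 40001 ssh2
Mar  3 09:10:02 host sshd[1301]: Failed password for root from 203.0.113.9 port 40002 ssh2
Mar  3 09:10:03 host sshd[1302]: Failed password for invalid user oracle from 203.0.113.9 port 40003 ssh2
Mar  3 09:10:04 host sshd[1303]: Failed password for invalid user test from 203.0.113.9 port 40004 ssh2
Mar  3 09:10:05 host sshd[1304]: Failed password for bob from 203.0.113.9 port 40005 ssh2
Mar  3 09:10:06 host sshd[1305]: Failed password for invalid user guest from 203.0.113.9 port 40006 ssh2
Mar  3 09:30:00 host sshd[1400]: Accepted publickey for carol from 10.0.0.7 port 50000 ssh2
"""

# Matches both "Accepted <method> for <user>" and "Failed <method> for [invalid user] <user>".
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)


def parse(log_text):
    """Turn raw sshd lines into a list of authentication events (dicts)."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:  # lines that are not auth outcomes are ignored
            events.append(m.groupdict())
    return events


def failure_kpis(events):
    """Measurement: overall failure rate plus a per-source breakdown."""
    total = len(events)
    failed = sum(1 for e in events if e["result"] == "Failed")
    by_ip = defaultdict(lambda: {"failed": 0, "accepted": 0, "users": set()})
    for e in events:
        rec = by_ip[e["ip"]]
        rec[e["result"].lower()] += 1
        rec["users"].add(e["user"])
    return {
        "total": total,
        "failed": failed,
        "failure_rate": failed / total if total else 0.0,
        "by_ip": dict(by_ip),
    }


def classify_source(rec, max_users=3, max_failures=5):
    """Tactical driver: many usernames or sustained failures with no success from one
    address reads as a break-in attempt; a single user who fails a few times and then
    succeeds reads as poor password management. Thresholds are assumed values."""
    if len(rec["users"]) > max_users or (rec["failed"] > max_failures and rec["accepted"] == 0):
        return "break-in attempt"
    if rec["failed"] > 0 and rec["accepted"] > 0 and len(rec["users"]) == 1:
        return "poor password management"
    return "normal"


def kpi_status(value, threshold):
    """Compare a measured value against its pre-determined target threshold."""
    return "within target" if value <= threshold else "above target"


def report(log_text, target_failure_rate=0.10):
    """End-to-end: logs -> measurements -> KPI status and per-source classification."""
    kpis = failure_kpis(parse(log_text))
    return {
        "failure_rate": round(kpis["failure_rate"], 3),
        "status": kpi_status(kpis["failure_rate"], target_failure_rate),
        "sources": {ip: classify_source(rec) for ip, rec in kpis["by_ip"].items()},
    }


if __name__ == "__main__":
    for key, value in report(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run repeatedly over a reporting period, the failure rate becomes the KPI tracked against the target, while the per-source classification separates the tactical response (block or investigate the scanning address) from the strategic one (password-management training where forgotten-password patterns dominate).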
Leveraging Open Source and Linux to build a state-of-the-art Information Security infrastructure.
Why Open Source in information security?
Open source application development is generally governed by openness of the code throughout the system lifecycle. That usually means processes are in place for open peer review, scrutiny and contribution. This is very useful when it comes to devising standards broadly.
Security tools, including:
Squid Proxy Web Filtering Security
IPTables Firewall Security
SELinux Security – MAC-based Security Controls
Network Intrusion Detection System (NIDS)
Host Based Intrusion Detection
Wireshark Packet Capture and Analysis
Pluggable Authentication Modules (PAM)
OpenSSH (SSH protocol version 2)
OpenPGP with Gnu Privacy Guard (GPG)
SSH File Transfer Protocol (SFTP)
and more