Assignment 9: Security Policy & Measurement

Name:

Tutor:

Course:

Date:

Assignment 9: Security Policy & Measurement

1.         The significance of measuring IT is based on the protection of the enterprise against security risks. Accordingly, the enumeration of IT goes hand in hand with the measure of information security. As such, measuring IT provides information regarding the security loopholes that may exist within the system and influence the implementation of an appropriate mitigation measure. In general, the company benefits from measurement based on the data it provides concerning its levels of information security.

2.         In order to develop performance measures for its IT function, an organization can start by establishing adequate policies related specifically to this subject. These policies will guide the IT personnel into understanding the importance of performance measures. Following this, it will be imperative to base the performance measures on enumerable metrics. For instance, assessing IT performance can utilize the four key metrics designed for information security. These comprise Activity-Based Metrics, Target-Based, Remediation, and Monitor-Based Metrics.

3.         In relation to the observation of information security, four security metrics are defined upon which the analysis of IT security can take place successfully. The first one comprises the Activity-Related Metric. This metric focuses primarily on the measurement of work activity. The second dimension, the Target-Related Metric, constitutes a measure that possesses a specific, measurable target. Thirdly, the Remediation Metric indicates the progress towards the attainment of a particular goal. Lastly, the Monitor-Related Metric focuses primarily on the monitoring of IT processes.

4.         Risk management is an important process since it ensures that the resources within IT are recognized and secured. In this case, risk management policies assist organizations in understanding the threats that may affect these resources. Hence, for purposes of guaranteeing effectiveness of such guidelines, a Monitor-Related Metric would function as the best fit. This is because it will influence the evaluation of different IT processes. This will enable it to be aware of the system, its constituents, and the security deficiencies that may essentially act as a threat to the resources.