3 of 3 people found the following review helpful
This review is from: IT Security Metrics: A Practical Framework for Measuring Security & Protecting Data (Paperback)
Amongst the plethora of books published these days on security, there is a wide range of topics being tackled with often too much prescription and too little focus. This leaves one to wonder if much of this should simply be ignored and we should focus on basics; however, some of it is too good to be let by.
I have a similar dilemma with this book. The author presents an extensive treatment of security metrics, starting from the context, then basic definitions and then on to case studies and some valuable practical advice. Much of this, however, is not new and the first part (first three chapters) does not serve to motivate as it discusses a set of ideas too familiar to a (security) reader.
Not too often do I come across a book as verbose as this: page after page, there is text (and, I am afraid, jumping from one idea to another) and more text. This makes it difficult to follow even a simple idea. This is a classic example of a book where illustrations could have helped (along with relevant editorial support).
If I had to choose one chapter to recommend, I would choose chapter 8, as the author delves into interesting detail about security compliance and auditing standards. This is good as it acknowledges existing initiatives to tackle some of the problems mentioned in this book.
I would not recommend this book to the wider (security) readership. Those new to the concept of security metrics may find parts of it a good introduction to some of the underlying motives for such efforts.