|
In Information technology benchmarking of computer security requires measurements for comparing both different IT systems and single IT systems in dedicated situations. The technical approach is a pre-defined catalog of security events (security incident and vulnerability (computing)) together with corresponding formula for the calculation of security indicators that are accepted and comprehensive. Information Security Indicators have been standardized by the ETSI Industrial Specification Group (ISG) ISI. These indicators provide the basis to switch from a qualitative to a quantitative culture in IT Security Scope of measurements: External and internal threats (attempt and success), user’s deviant behaviours, nonconformities and/or vulnerabilities (software, configuration, behavioural, general security framework). The list of Information Security Indicators belongs to the ISI framework that consists of the following five closely linked Work Items: # ISI Indicators (ISI-001-1 〔ETSI GS ISI 001-1 (V1.1.2): ISI Indicators Part 1; A full set of operational indicators for organizations to use to benchmark their security posture (2015-06) ()〕 and Guide ISI-001-2 〔ETSI GS ISI 001-2 (V1.1.2): ISI Indicators Part 2; Guide to select operational indicators based on the full set given in part 1 (2015-06) ()〕): A powerful way to assess security controls level of enforcement and effectiveness (+ benchmarking) # ISI Event Model (ISI-002 〔ETSI GS ISI 002 (V1.2.1): ISI Event Model; A security event classification model and taxonomy (2015-11) ()〕): A comprehensive security event classification model (taxonomy + representation) # ISI Maturity (ISI-003 〔ETSI GS ISI 003 (V1.1.2): ISI Key Performance Security Indicators (KPSI) to evaluate the maturity of security event detection (2014-06) ()〕): Necessary to assess the maturity level regarding overall SIEM capabilities (technology/people/process) and to weigh event detection results. Methodology complemented by ISI-005 (which is a more detailed and case by case approach) # ISI Guidelines for event detection implementation (ISI-004 〔ETSI GS ISI 004 (V1.1.1): ISI Guidelines for event detection implementation (2013-12) ()〕): Demonstrate through examples how to produce indicators and how to detect the related events with various means and methods (with classification of use cases/symptoms) # ISI Event Stimulation (ISI-005 〔ETSI GS ISI 005 (V1.1.1): ISI Guidelines for security event detection testing and asseessmeent of detection effectiveness (2015-11) ()〕): Propose a way to produce security events and to test the effectiveness of existing detection means (for major types of events) Preliminary work on information security indicators have been done by the French Club R2GS. The first public set of the ISI standards (security indicators list and event model) have been released in April 2013. ==References== 抄文引用元・出典: フリー百科事典『 ウィキペディア(Wikipedia)』 ■ウィキペディアで「Information security indicators」の詳細全文を読む スポンサード リンク
|