Development of an IT-Security Performance Measurement System

Inhaltsangabe:Abstract:

Adequate security of information and the systems that process it is a fundamental management responsibility. Management must understand the current status of their IT-Security program in order to make informed decisions.

In this context, this Bachelor Thesis proposes a Performance Measurement System for IT-Security, which is designed to be well-balanced and comprehensive. It views IT-Security from four perspectives: Organisational, Financial, Operational and Personnel.

The documentation of the system contains the key figures and their interrelationships. With its modular design, it can either be used out-off-the-box or tailored to the specific requirements of the organisation.

Chapter 1 briefly discusses the reason for this Bachelor Thesis and introduces the problem statement. Chapter 2 explores the basic concepts behind both IT-Security and performance measurement. Chapter 3 covers general requirements, which are fundamental principles needed to be taken into consideration when building an IT-Security Performance Measurement System. Chapter 4 describes the approach taken for the design of the system. Chapter 5 introduces the Performance Measurement System for IT-Security.





Inhaltsverzeichnis:Table of Contents:

1.Introduction1

1.1Motivation1

1.2Problem Statement2

2.Theoretical Background3

2.1Performance Measurement4

2.1.1Definitions4

2.1.2Key Figures4

2.1.3The Balanced Scorecard6

2.2IT-Security7

2.2.1Goals of IT-Security7

2.2.2Security Policy9

2.2.3Incident Response10

2.3Risk Management11

2.3.1The Asset/Threat/Vulnerability/Safeguard Concept11

2.3.2Risk Assessment12

2.3.3Risk Mitigation13

2.4Existing Standards for IT-Security14

2.4.1Standards for Information Security Management14

2.4.2Standards for Evaluation15

2.4.3Standards for Development15

2.4.4Standards for a Common Terminology16

3.Requirements19

3.1General Requirements20

3.1.1Financial Requirements20

3.1.2Regulatory Requirements20

3.1.3Organisational Requirements20

3.1.4Requirements for Performance Measurement21

3.2Requirements at a Glance22

4.Development Approach23

4.1Top-Down vs. Bottom-Up23

4.1.1Top-Down23

4.1.2Bottom-Up24

4.1.3Comparison26

4.2Development Approach chosen26

5.Findings29

5.1Top-Down Findings30

5.1.1Generic Security Model30

5.1.2Self-Assessment Guide31

5.1.3Findings and Discussion34

5.2Bottom-Up Findings36

5.2.1List of Key Figures36

5.2.2Relationships38

5.3Meet in the Middle39

5.4Discussion of Key […]



Inhaltsangabe:Abstract:

Adequate security of information and the systems that process it is a fundamental management responsibility. Management must understand the current status of their IT-Security program in order to make informed decisions.

In this context, this Bachelor Thesis proposes a Performance Measurement System for IT-Security, ...