Development of an IT-Security Performance Measurement System

Inhaltsangabe:Abstract: Adequate security of information and the systems that process it is a fundamental management responsibility. Management must understand the current status of their IT-Security program in order to make informed decisions. In this context, this Bachelor Thesis proposes a Performance Measurement System for IT-Security, which is designed to be well-balanced and comprehensive. It views IT-Security from four perspectives: Organisational, Financial, Operational and Personnel. The documentation of the system contains the key figures and their interrelationships. With its modular design, it can either be used out-off-the-box or tailored to the specific requirements of the organisation. Chapter 1 briefly discusses the reason for this Bachelor Thesis and introduces the problem statement. Chapter 2 explores the basic concepts behind both IT-Security and performance measurement. Chapter 3 covers general requirements, which are fundamental principles needed to be taken into consideration when building an IT-Security Performance Measurement System. Chapter 4 describes the approach taken for the design of the system. Chapter 5 introduces the Performance Measurement System for IT-Security. Inhaltsverzeichnis:Table of Contents: 1.Introduction1 1.1Motivation1 1.2Problem Statement2 2.Theoretical Background3 2.1Performance Measurement4 2.1.1Definitions4 2.1.2Key Figures4 2.1.3The Balanced Scorecard6 2.2IT-Security7 2.2.1Goals of IT-Security7 2.2.2Security Policy9 2.2.3Incident Response10 2.3Risk Management11 2.3.1The Asset/Threat/Vulnerability/Safeguard Concept11 2.3.2Risk Assessment12 2.3.3Risk Mitigation13 2.4Existing Standards for IT-Security14 2.4.1Standards for Information Security Management14 2.4.2Standards for Evaluation15 2.4.3Standards for Development15 2.4.4Standards for a Common Terminology16 3.Requirements19 3.1General Requirements20 3.1.1Financial Requirements20 3.1.2Regulatory Requirements20 3.1.3Organisational Requirements20 3.1.4Requirements for Performance Measurement21 3.2Requirements at a Glance22 4.Development Approach23 4.1Top-Down vs. Bottom-Up23 4.1.1Top-Down23 4.1.2Bottom-Up24 4.1.3Comparison26 4.2Development Approach chosen26 5.Findings29 5.1Top-Down Findings30 5.1.1Generic Security Model30 5.1.2Self-Assessment Guide31 5.1.3Findings and Discussion34 5.2Bottom-Up Findings36 5.2.1List of Key Figures36 5.2.2Relationships38 5.3Meet in the Middle39 5.4Discussion of Key [...]