Developing Operational Security Metrics to Meet Business Value Identity management is just one area of information assurance that needs to be improved in an organization. An information assurance...

Identity management is just one area of information assurance that needs to be improved in an organization. An information assurance professional needs to have a good understanding of how well all areas of security and information assurance are being managed and maintained. Metrics are very important instruments for managing security and information assurance. Examples of metrics from other areas of security that can be more quantitative and meaningful include:

• Tracking the number of security intrusion detection incidents on a monthly basis


• Breaking intrusion detection incidents down by Week and country because this will demonstrate if security is weak in some functional area


• Recording the business impact of each intrusion detection incident

For this Project, write a 4- to 6-page paper in which you create 8–10 operational metrics, and explain how these metrics demonstrate the overall efficacy of the information assurance program at your organization. In the paper, respond to the following:

• How do you determine acceptable baselines for the metrics you created?


• How are these metrics efficacious to the teams involved in the operation of security controls?

Because you are using a fictitious scenario, state any assumptions you make.