Security Awareness Metrics Report: Advanced Topologies Inc.


Added on  2022/08/15

AI Summary
This report evaluates security awareness metrics and frameworks, focusing on Advanced Topologies Inc. The analysis categorizes metrics into activity, target, remediation, and monitor types, highlighting their importance in information security. The report emphasizes identifying business risks and aligning with security program goals. A security awareness plan is developed, incorporating audit standards and user empowerment through training on security threats, including phishing simulations. The report discusses the application of each metric type, with target metrics being crucial for the case organization. The findings recommend using these metrics to develop security policies and manage risks, aiding in identifying the impact on the firm. The auditors collect information to determine the effectiveness of security procedures and controls, mainly related to security incidents and individual security requirements. The report references key resources such as NIST publications and academic texts.
Running head: SECURITY AWARENESS METRICS
Security Awareness Metrics
Name of the Student:
Name of the University:
Security Awareness Metrics
The security metrics and frameworks are evaluated with respect to Advanced
Topologies Inc. For the case study organization, the security metrics are categorized as
activity-related, target-related, remediation and monitor-related metrics.
These metrics are considered an important factor in information security. They focus
on identifying risks to the business organization and identifying the aims and goals of the
security program (Wilson & Hash, 2003). The metrics are focused on the management of the
security program.
A security awareness plan is developed for the case organization, consisting of two main
features to measure the security risks in the business operations. The first feature consists of the audit
standards and compliance measures that the company should put in place to protect its data.
The other feature of the plan is to empower the users to take responsibility for protecting
the organization's data and information. The users are made aware of the security measures by
receiving training and education about information protection. The training covers
widespread security threats (Whitman & Mattord, 2012). It enables the employees to
recognize phishing attempts, for example through phishing simulation exercises.
The security metrics mentioned above are used in the case study, and this section
discusses those metrics along with their justifications. The activity metric is used
for resource allocation purposes. It is used to determine the number and type of security
incidents that can take up the time of the security staff. The target metric is used to verify the correct
application of the technical safety measures. The target is considered to be the total population
that can fall within the scope of the security measures (Swanson & Guttman, 1996). On the other hand,
the remediation metric is used as a subset of the target, where the scope of the target means that 100%
measurement may not be identified. It is applied in the case to review the progress towards
meeting specific goals over the scheduled timeline. Finally, the monitor-related metric is used to
verify the correct implementation of the security measures and to monitor the security
procedures.
Among all the security metrics, the target metric is used to keep Advanced
Topologies on track. It is applied to verify that things are in order and perform as per the
security requirements. It also verifies that the requirements and measures are adhered to
as expected by the business organization. It focuses on the actual population.
In this case study, the target is considered to be the audit firm, while the company makes up the
community. It is recommended to use this security metric in the case organization, since the
development of security policies and the management of risks should help to identify
negative impacts on the firm (Kissel, 2011). The auditors collect information
that can help to identify the reasons why the goals of the business are not achieved. This should
help to determine the effectiveness of the security procedures and controls. It mainly
relates to activities ranging from security incident data to individual security requirements.
References
Kissel, R. (Ed.). (2011). Glossary of key information security terms (NIST IR 7298 Rev.1).
Swanson, M. & Guttman, B. (1996). Generally accepted principles and practices for securing
information technology systems.
Whitman, M., & Mattord, H. (2012). High-assurance computing: Topics & case studies.
Boston, MA: Course Technology/Cengage Learning.
Wilson, M., & Hash, J. (2003). Building an information technology security awareness and
training program (NIST Special Publication 800-50).