Analytics and InfoSec, Part 3 - KPIs and KAIs
Guest Blog by Cyber-Security and Cyber-Terrorism Expert Michael Young, Finale
Contact
Print
I turned my blog over to Cyber-Security and Cyber-Terrorism Expert Michael Young, CEO of Code War Security the past two Fridays and am now sharing the finale of the three part series.
Michael talked about the threats to a business system in part 1 and shared the good news -- that simple analytics can serve you well in knowing when your system has been compromised -- in part 2. Here he tells us about the KPIs and KAIs of cyber security.
Pattern Definition is the practice of maintaining a nominal state of an enterprise network. That is, a day-to-day operation in any organization has a specific pattern with a pre-determined standard deviation. This represents business as usual.
Change management practices properly employed allows for the adjustment of the operational pattern and constant update based upon the daily change that occurs on all enterprise networks. A typical pattern allows for web traffic both internal and external, database communications, email, conferencing and any other business utilized in the organization.
A statistical analysis of the traffic will show how much network bandwidth is utilized and for what purpose. This creates a pattern of accepted behavior. Some days more traffic in specified areas and others less.
The mean traffic is established daily, weekly and monthly. The standard deviation is averages of the ups and downs in each known traffic area. This standard deviation in traffic is assigned and reassessed each month.
Any network pattern that falls outside the standard deviation may indicate an anomaly to be investigated. If traffic is to low, there may be a server or device failure. If traffic is too high, the pattern may indicate an attack. In time, traffic analysis based upon these statistics can be used to develop new defenses and potentially negate attacks.
This is a method of Holistic Security, which provides Key Performance Indicators (KPI) and Key Anomaly Indicators (KAI) to managed and gage the effectiveness of an information system security program.
Michael Young's Bio
has serverd as Chief Information Security Officer (CISO) and Principle Privacy Officer, State Street Global Advisors, State Street Corporation, Senior IT Management and Technology Consultant, DMR Consulting Group, Dublin Ireland, IT Consultant, Fife Regional Council and Local Government Authority, Fife Scotland UK and Senior IT Director, Special Programs, Sanders a Lockheed Martin Company in addition to his naval duties.
As CISO of SSgA, Michael created and managed the global information security program for SSgA. From March of 2000 to April of 2002, Michael, acted as principle advisor to the CEO, CIO, Compliance and Risk Officer on all matters concerning technology security and global privacy legislation and the affects of the legislation on IT operations.
Michael has worked with and advised Amdahl Corporation, Fujitsu, AXA Insurance - France, Liverpool Victory Building Society – England, Bank of Ireland, Allied Irish Bank, and Creative Labs Europe in the areas of enterprise system management, enterprise architecture, application architecture, messaging, service level agreements, service management, and Information Security. You can reach Michael at Code War Security or (603) 654-9522.
Please contact NextStage for information regarding presentations and trainings on this and other topics.
Links for this post:
- "Know How Someone Is Thinking in 10 Seconds or Less" Half-day training at the Fashion Institute of Technology in NYC, 13 June 08
- SUNY Marketing Professionals Conference at the Fashion Institute of Technology in NYC, 11-13 June 08
Sign up for The NextStage Irregular, our very irregular, definitely frequency-wise and probably topic-wise newsletter.
