Paul E. Black, Karen Scarfone, and Murugiah Souppaya, Cyber Security Metrics and Measures, in Wiley Handbook of Science and Technology for Homeland Security, John Voeller ed.-in-chief, John Wiley & Sons, Inc., (on-line) Feb 2009.
Abstract:
Metrics are tools to facilitate decision making and improve
performance and accountability. Measures are quantifiable,
observable, and objective data supporting metrics. Operators can use
metrics to apply corrective actions and improve performance.
Regulatory, financial, and organizational factors drive the
requirement to measure IT security performance. Potential security
metrics cover a broad range of measurable features, from security
audit logs of individual systems to the number of systems within an
organization that were tested over the course of a year. Effective
security metrics should be used to identify weaknesses, determine
trends to better utilize security resources, and judge the success
or failure of implemented security solutions.
Get a proof of the chapter in PDF (150k).
This page's URL is /~black/Papers/cyberSecurityMetrics2007.html
Updated Fri Dec 16 12:49:03 2011 by Paul E. Black (paul.black@nist.gov)