Volume 4, Issue 4, July 2016, Page: 59-64
Overview of Security Metrics
Rana Khudhair Abbas Ahmed, Computer Techniques Engineering Department, Al Rafidain University College, Baghdad, Iraq
Received: Oct. 29, 2016;       Accepted: Nov. 9, 2016;       Published: Dec. 5, 2016
DOI: 10.11648/j.se.20160404.11      View  4337      Downloads  126
Abstract
Metrics are tools that are designed to facilitate decision-making and improve performance and accountability through collection, analysis, and reporting of relevant performance-related data. This paper provides an overview of the security metrics and its definition, needs, attributes, advantages, measures, types, issues/aspects and also classifies the security metrics and explains its relationship with risk management.
Keywords
Security, Metrics, Advantages, Information, Measurement
To cite this article
Rana Khudhair Abbas Ahmed, Overview of Security Metrics, Software Engineering. Vol. 4, No. 4, 2016, pp. 59-64. doi: 10.11648/j.se.20160404.11
Copyright
Copyright © 2016 Authors retain the copyright of this article.
This article is an open access article distributed under the Creative Commons Attribution License (http://creativecommons.org/licenses/by/4.0/) which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
Reference
[1]
Deepti Juneja, Kavita Arora, Sonia Duggal, "Developing Security Metrics For Information Security Measurement System", International Journal of Enterprise Computing and Business Systems, Vol. 1 Issue 2 July 2011, http://www.ijecbs.com.
[2]
Christina Kormos, et al, "Using Security Metrics To Assess Risk Management Capabilities", 1999.
[3]
Kristoffer Lundholm, Jonas Hallberg, Helena Granlund, "Design and Use of Information Security Metrics", Report no FOI-R--3189—SE, Application of the ISO/IEC 27004, 2011.
[4]
Rostyslav Barabanov, "Information Security Metrics: State of the Art", DSV Report series No 11-007, Mar 25, 2011.
[5]
Rainer B¨ohme, "Security Metrics and Security Investment Models", International Computer Science Institute, Berkeley, California, USA, 2010.
[6]
Perpétus Houngbo, Joël Hounsou, "Measuring Information Security: Understanding And Selecting Appropriate Metrics", International Journal of Computer Science and Security (IJCSS), Volume (9): Issue (2): 2015.
[7]
http://www.oxforddictionaries.com/definition/english/metric.
[8]
http://www.oxforddictionaries.com/definition/english/measurement.
[9]
http://www.oxforddictionaries.com/definition/english/measure.
[10]
A. C. S. Associates, Information System Security Attribute Quantification or Ordering (Commonly but improperly known as “Security Metrics”). 2001.
[11]
P. E. Black, K. Scarfone, and M. Souppaya, “Cyber security metrics and measures,” Wiley Handb. Sci. Technol. Homel. Secur., 2008.
[12]
V. Verendel, “Quantified security is a weak hypothesis: a critical survey of results and assumptions,” in Proceedings of the 2009 workshop on New security paradigms workshop, 2009, pp. 37–50.
[13]
S. C. Payne, “A guide to security metrics,” Inst. Inf. Secur. Read. Room, 2006.
[14]
Marte Tarnes, "Information Security Metrics: An Empirical Study of Current Practice", Specialization Project, Trondheim, 17th December 2012.
[15]
Shirley C. Payne. A Guide to Security Metrics. SANS Institute Information Security Reading Room, June 2006.
[16]
Lance Hayden. IT Security Metrics: A Practical Framework For Measuring Security & Protecting Data. McGraw-Hill Osborne Media, first edition, 2010.
[17]
Andrew Jaquith. Security Metrics: Replacing Fear, Uncertainty, and Doubt. Addison-Wesley Professional, first edition, 2007.
[18]
ISO/IEC 27004: 2009(E). Information technology - Security techniques - Information security management - Measurement - First edition. International Organization for Standardization, 2009.
[19]
Chapin, D. A. & Akridge, S. (2005). How can security be measured? Information Systems Control Journal, http://www.isaca.org/Journal/Past-Issues/2005/Volume-2/Pages/default.aspx (2005). How can security be measured? Information Systems Control Journal, http://www.isaca.org/Journal/Past-Issues/2005/Volume-2/Pages/default.aspx.
[20]
Jaquith, A., Security metrics: Replacing fear, uncertainty, and doubt. Upper Saddle River, NJ: Addison-Wesley, 2007.
[21]
Igli TASHI, Solange GHERNAOUTI-HÉLIE, "Security metrics to improve information security management", In Proceedings of the 6th Annual Security Conference, April 11-12, 2007, Las Vegas, NV, www.security-conference.org.
[22]
D. Hubbard, Measure for measure: The Actuary, official magazine of SIAS and The Actuarial Profession, 2014.
[23]
T. C. for I. Security, The CIS Security Metrics, 2010.
[24]
M. Hoehl, Creating a monthly Information Security Scorecard for CIO and CFO. SANS Institute, 2010.
[25]
J. Breier and L. Hudec, “Risk analysis supported by information security metrics,” in Proceedings of the 12th International Conference on Computer Systems and Technologies, pp. 393–398, 2011.
[26]
S. C. Payne, “A guide to security metrics,” Inst. Inf. Secur. Read. Room, 2006.
[27]
ISO/IEC (2009a). ISO/IEC 27004: 2009, Information technology -- Security techniques -- Information security management -- Measurement. Geneva: ISO.
[28]
Chew, E., Swanson, M., Stine, K., Bartol, N., Brown, A., & Robinson, W. (2008). Performance measurement guide for information security. Gaithersburg, MD: National Institute of Standards and Technology, http://csrc.nist.gov/publications/nistpubs/800-55-Rev1/SP800-55-rev1.pdf.
[29]
ISO/IEC (2009a). ISO/IEC 27004: 2009, Information technology -- Security techniques -- Information security management -- Measurement. Geneva: ISO.
Browse journals by subject