Metrics are tools designed to facilitate decision-making and improve performance and accountability through the collection, analysis, and reporting of relevant performance-related data. This paper provides an overview of security metrics: their definition, needs, attributes, advantages, measures, types, and issues/aspects. It also classifies security metrics and explains their relationship with risk management.
Published in: Software Engineering (Volume 4, Issue 4)
DOI: 10.11648/j.se.20160404.11
Page(s): 59-64
Creative Commons: This is an Open Access article, distributed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits unrestricted use, distribution and reproduction in any medium or format, provided the original work is properly cited.
Copyright: Copyright © The Author(s), 2016. Published by Science Publishing Group
Security, Metrics, Advantages, Information, Measurement
APA Style
Rana Khudhair Abbas Ahmed. (2016). Overview of Security Metrics. Software Engineering, 4(4), 59-64. https://doi.org/10.11648/j.se.20160404.11
ACS Style
Rana Khudhair Abbas Ahmed. Overview of Security Metrics. Softw. Eng. 2016, 4(4), 59-64. doi: 10.11648/j.se.20160404.11
@article{10.11648/j.se.20160404.11,
  author = {Rana Khudhair Abbas Ahmed},
  title = {Overview of Security Metrics},
  journal = {Software Engineering},
  volume = {4},
  number = {4},
  pages = {59-64},
  doi = {10.11648/j.se.20160404.11},
  url = {https://doi.org/10.11648/j.se.20160404.11},
  eprint = {https://article.sciencepublishinggroup.com/pdf/10.11648.j.se.20160404.11},
  abstract = {Metrics are tools that are designed to facilitate decision-making and improve performance and accountability through collection, analysis, and reporting of relevant performance-related data. This paper provides an overview of the security metrics and its definition, needs, attributes, advantages, measures, types, issues/aspects and also classifies the security metrics and explains its relationship with risk management.},
  year = {2016}
}
TY - JOUR
T1 - Overview of Security Metrics
AU - Rana Khudhair Abbas Ahmed
Y1 - 2016/12/05
PY - 2016
N1 - https://doi.org/10.11648/j.se.20160404.11
DO - 10.11648/j.se.20160404.11
T2 - Software Engineering
JF - Software Engineering
JO - Software Engineering
SP - 59
EP - 64
PB - Science Publishing Group
SN - 2376-8037
UR - https://doi.org/10.11648/j.se.20160404.11
AB - Metrics are tools that are designed to facilitate decision-making and improve performance and accountability through collection, analysis, and reporting of relevant performance-related data. This paper provides an overview of the security metrics and its definition, needs, attributes, advantages, measures, types, issues/aspects and also classifies the security metrics and explains its relationship with risk management.
VL - 4
IS - 4
ER -