| Peer-Reviewed

Overview of Security Metrics

Received: 29 October 2016     Accepted: 9 November 2016     Published: 5 December 2016
Views:       Downloads:
Abstract

Metrics are tools that are designed to facilitate decision-making and improve performance and accountability through collection, analysis, and reporting of relevant performance-related data. This paper provides an overview of the security metrics and its definition, needs, attributes, advantages, measures, types, issues/aspects and also classifies the security metrics and explains its relationship with risk management.

Published in Software Engineering (Volume 4, Issue 4)
DOI 10.11648/j.se.20160404.11
Page(s) 59-64
Creative Commons

This is an Open Access article, distributed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits unrestricted use, distribution and reproduction in any medium or format, provided the original work is properly cited.

Copyright

Copyright © The Author(s), 2016. Published by Science Publishing Group

Keywords

Security, Metrics, Advantages, Information, Measurement

References
[1] Deepti Juneja, Kavita Arora, Sonia Duggal, "Developing Security Metrics For Information Security Measurement System", International Journal of Enterprise Computing and Business Systems, Vol. 1 Issue 2 July 2011, http://www.ijecbs.com.
[2] Christina Kormos, et al, "Using Security Metrics To Assess Risk Management Capabilities", 1999.
[3] Kristoffer Lundholm, Jonas Hallberg, Helena Granlund, "Design and Use of Information Security Metrics", Report no FOI-R--3189—SE, Application of the ISO/IEC 27004, 2011.
[4] Rostyslav Barabanov, "Information Security Metrics: State of the Art", DSV Report series No 11-007, Mar 25, 2011.
[5] Rainer B¨ohme, "Security Metrics and Security Investment Models", International Computer Science Institute, Berkeley, California, USA, 2010.
[6] Perpétus Houngbo, Joël Hounsou, "Measuring Information Security: Understanding And Selecting Appropriate Metrics", International Journal of Computer Science and Security (IJCSS), Volume (9): Issue (2): 2015.
[7] http://www.oxforddictionaries.com/definition/english/metric.
[8] http://www.oxforddictionaries.com/definition/english/measurement.
[9] http://www.oxforddictionaries.com/definition/english/measure.
[10] A. C. S. Associates, Information System Security Attribute Quantification or Ordering (Commonly but improperly known as “Security Metrics”). 2001.
[11] P. E. Black, K. Scarfone, and M. Souppaya, “Cyber security metrics and measures,” Wiley Handb. Sci. Technol. Homel. Secur., 2008.
[12] V. Verendel, “Quantified security is a weak hypothesis: a critical survey of results and assumptions,” in Proceedings of the 2009 workshop on New security paradigms workshop, 2009, pp. 37–50.
[13] S. C. Payne, “A guide to security metrics,” Inst. Inf. Secur. Read. Room, 2006.
[14] Marte Tarnes, "Information Security Metrics: An Empirical Study of Current Practice", Specialization Project, Trondheim, 17th December 2012.
[15] Shirley C. Payne. A Guide to Security Metrics. SANS Institute Information Security Reading Room, June 2006.
[16] Lance Hayden. IT Security Metrics: A Practical Framework For Measuring Security & Protecting Data. McGraw-Hill Osborne Media, first edition, 2010.
[17] Andrew Jaquith. Security Metrics: Replacing Fear, Uncertainty, and Doubt. Addison-Wesley Professional, first edition, 2007.
[18] ISO/IEC 27004: 2009(E). Information technology - Security techniques - Information security management - Measurement - First edition. International Organization for Standardization, 2009.
[19] Chapin, D. A. & Akridge, S. (2005). How can security be measured? Information Systems Control Journal, http://www.isaca.org/Journal/Past-Issues/2005/Volume-2/Pages/default.aspx (2005). How can security be measured? Information Systems Control Journal, http://www.isaca.org/Journal/Past-Issues/2005/Volume-2/Pages/default.aspx.
[20] Jaquith, A., Security metrics: Replacing fear, uncertainty, and doubt. Upper Saddle River, NJ: Addison-Wesley, 2007.
[21] Igli TASHI, Solange GHERNAOUTI-HÉLIE, "Security metrics to improve information security management", In Proceedings of the 6th Annual Security Conference, April 11-12, 2007, Las Vegas, NV, www.security-conference.org.
[22] D. Hubbard, Measure for measure: The Actuary, official magazine of SIAS and The Actuarial Profession, 2014.
[23] T. C. for I. Security, The CIS Security Metrics, 2010.
[24] M. Hoehl, Creating a monthly Information Security Scorecard for CIO and CFO. SANS Institute, 2010.
[25] J. Breier and L. Hudec, “Risk analysis supported by information security metrics,” in Proceedings of the 12th International Conference on Computer Systems and Technologies, pp. 393–398, 2011.
[26] S. C. Payne, “A guide to security metrics,” Inst. Inf. Secur. Read. Room, 2006.
[27] ISO/IEC (2009a). ISO/IEC 27004: 2009, Information technology -- Security techniques -- Information security management -- Measurement. Geneva: ISO.
[28] Chew, E., Swanson, M., Stine, K., Bartol, N., Brown, A., & Robinson, W. (2008). Performance measurement guide for information security. Gaithersburg, MD: National Institute of Standards and Technology, http://csrc.nist.gov/publications/nistpubs/800-55-Rev1/SP800-55-rev1.pdf.
[29] ISO/IEC (2009a). ISO/IEC 27004: 2009, Information technology -- Security techniques -- Information security management -- Measurement. Geneva: ISO.
Cite This Article
  • APA Style

    Rana Khudhair Abbas Ahmed. (2016). Overview of Security Metrics. Software Engineering, 4(4), 59-64. https://doi.org/10.11648/j.se.20160404.11

    Copy | Download

    ACS Style

    Rana Khudhair Abbas Ahmed. Overview of Security Metrics. Softw. Eng. 2016, 4(4), 59-64. doi: 10.11648/j.se.20160404.11

    Copy | Download

    AMA Style

    Rana Khudhair Abbas Ahmed. Overview of Security Metrics. Softw Eng. 2016;4(4):59-64. doi: 10.11648/j.se.20160404.11

    Copy | Download

  • @article{10.11648/j.se.20160404.11,
      author = {Rana Khudhair Abbas Ahmed},
      title = {Overview of Security Metrics},
      journal = {Software Engineering},
      volume = {4},
      number = {4},
      pages = {59-64},
      doi = {10.11648/j.se.20160404.11},
      url = {https://doi.org/10.11648/j.se.20160404.11},
      eprint = {https://article.sciencepublishinggroup.com/pdf/10.11648.j.se.20160404.11},
      abstract = {Metrics are tools that are designed to facilitate decision-making and improve performance and accountability through collection, analysis, and reporting of relevant performance-related data. This paper provides an overview of the security metrics and its definition, needs, attributes, advantages, measures, types, issues/aspects and also classifies the security metrics and explains its relationship with risk management.},
     year = {2016}
    }
    

    Copy | Download

  • TY  - JOUR
    T1  - Overview of Security Metrics
    AU  - Rana Khudhair Abbas Ahmed
    Y1  - 2016/12/05
    PY  - 2016
    N1  - https://doi.org/10.11648/j.se.20160404.11
    DO  - 10.11648/j.se.20160404.11
    T2  - Software Engineering
    JF  - Software Engineering
    JO  - Software Engineering
    SP  - 59
    EP  - 64
    PB  - Science Publishing Group
    SN  - 2376-8037
    UR  - https://doi.org/10.11648/j.se.20160404.11
    AB  - Metrics are tools that are designed to facilitate decision-making and improve performance and accountability through collection, analysis, and reporting of relevant performance-related data. This paper provides an overview of the security metrics and its definition, needs, attributes, advantages, measures, types, issues/aspects and also classifies the security metrics and explains its relationship with risk management.
    VL  - 4
    IS  - 4
    ER  - 

    Copy | Download

Author Information
  • Computer Techniques Engineering Department, Al Rafidain University College, Baghdad, Iraq

  • Sections