Security metrics are required to provide a quantitative and objective basis for security operations such as support for decision making, software quality assurance, and maintenance of reliable security operations. Based on the National Institute of Standards and Technology (NIST), a metric implies a measurement system that is based on quantifiable measures. A measurement method used to determine the unit of a quantity may be a measuring instrument, a reference material, or a measurement system.
The measurement of a safety information system involves the application of a method of measuring one or more parts of the system having a taxable security property in order to obtain a measured value. The goal is to enable an organization to evaluate its security objectives. …show more content…
In addition, the result must be repeatable so that a second evaluation by the team produces the same results. All measurement results should be relevant to the organization. Many of the traditional concepts in the field of metrology, which are used in the physical sciences, such as the use of fundamental units, scales and uncertainty, have either not been applied or applied in a less rigorous way.
Quantitative metrics for the IT security system generally reflect the reasoned estimates of a security assessor. These measures of security system information properties, which are often based on the evaluator's experience, cannot be repeated. Problems in developing security metrics efforts include the Trusted Computer System and the Security Systems Engineering Capability Maturity Model. These agreements have met with limited success. Their opinion suggests some key factors that need to be addressed by safety
The measurement of a safety information system involves the application of a method of measuring one or more parts of the system having a taxable security property in order to obtain a measured value. The goal is to enable an organization to evaluate its security objectives. …show more content…
In addition, the result must be repeatable so that a second evaluation by the team produces the same results. All measurement results should be relevant to the organization. Many of the traditional concepts in the field of metrology, which are used in the physical sciences, such as the use of fundamental units, scales and uncertainty, have either not been applied or applied in a less rigorous way.
Quantitative metrics for the IT security system generally reflect the reasoned estimates of a security assessor. These measures of security system information properties, which are often based on the evaluator's experience, cannot be repeated. Problems in developing security metrics efforts include the Trusted Computer System and the Security Systems Engineering Capability Maturity Model. These agreements have met with limited success. Their opinion suggests some key factors that need to be addressed by safety