Techniques for enterprise network security metrics
Proceedings of the 5th Annual Workshop on Cyber Security and Information Intelligence Research: Cyber Security and Information Intelligence Challenges and Strategies
Information security investment decisions: evaluating the Balanced Scorecard method
International Journal of Business Information Systems
Ontology-based generation of IT-security metrics
Proceedings of the 2010 ACM Symposium on Applied Computing
CAMUS: automatically mapping cyber assets to missions and users
MILCOM'09 Proceedings of the 28th IEEE conference on Military communications
FAME: a firewall anomaly management environment
Proceedings of the 3rd ACM workshop on Assurable and usable security configuration
Can we measure security and how?
Proceedings of the Seventh Annual Workshop on Cyber Security and Information Intelligence Research
| Hi-index | 0.00 |
This document provides guidance on how an organization, through the use of metrics, identifies the adequacy of in-place security controls, policies, and procedures. It provides an approach to help management decide where to invest in additional security protection resources or identify and evaluate nonproductive controls. It explains the metric development and implementation process and how it can also be used to adequately justify security control investments. The results of an effective metric program can provide useful data for directing the allocation of information security resources and should simplify the preparation of performance-related reports.