This bulletin summarizes the information presented in NIST Interagency Report (NISTIR) 7564, Directions in Security Metrics Research, by Wayne Jansen. The publication examines past efforts to develop security measurements that could help organizations make informed decisions about the design of systems, the selection of controls, and the efficiency of security operations. The author points to possible areas of future research that could lead to improved metrics. The bulletin summarizes the portions of the publication that explain security metrics and the aspects of security measurements that help organizations establish and maintain secure systems. Also included are descriptions of the areas of needed research, which could provide solutions to the difficult problems experienced in using security metrics and could lead to the development of improved security metrics.
Keywords
formal methods; information security; information system security; metrics research; security evaluation; security measurements; security metrics