Cyber Security Metrics and Measures

Published

Author(s)

Paul E. Black, Karen A. Scarfone, Murugiah P. Souppaya

Abstract

Metrics are tools to facilitate decision making and improve performance and accountability. Measures are quantifiable, observable, and objective data supporting metrics. Operators can use metrics to apply corrective actions and improve performance. Regulatory, financial, and organizational factors drive the requirement to measure IT security performance. Potential security metrics cover a broad range of measurable features, from security audit logs of individual systems to the number of systems within an organization that were tested over the course of a year. Effective security metrics should be used to identify weaknesses, determine trends to better utilize security resources, and judge the success or failure of implemented security solutions.

Citation

Article in Wiley Handbook of Science and Technology for Homeland Security

Publisher Info

John Wiley & Sons, Inc., Hoboken, NJ

Keywords

computer systems, cyber security, homeland security, IT, measures, metrics, software

Citation

Black, P., Scarfone, K. and Souppaya, M. (2009), Cyber Security Metrics and Measures, John Wiley & Sons, Inc., Hoboken, NJ, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=51292 (Accessed October 31, 2024)

Created March 2, 2009, Updated January 27, 2020