Events for all Levels and InterestsStay
Jump Start Your Career GrowthStay
Get on the Higher Ed IT MapStay
Uncommon Thinking for the Common Good™Stay
Filter by type
Filter by Library Taxonomy
Metrics are tools designed to facilitate decision-making and improve performance and accountability through collection, analysis, and reporting of relevant performance-related data. IT Security Metrics are metrics based on IT security performance goals and objectives. [Source: NIST SP 800-55]
- HEISC Resource: A Guide to Effective Security Metrics (part of the Information Security Guide)
- Center for Internet Security (CIS) Consensus Information Security Metrics: Organizations struggle to make cost-effective security investment decisions, in part because information security professionals lack widely accepted, unambiguous metrics for supporting their decisions.To address the need for clear security metrics, CIS established a consensus group of industry experts. The result? A set of Consensus Security Metrics and data set definitions that can be used across organizations to collect and analyze data on security outcomes and process performance.
- "Cybersecurity: When Will We Know If What We Are Doing Is Working?": This 2009 EDUCAUSE Review article by Clint Kreitner proposes a conceptual vision/framework for three essential elements: 1) a widely accepted definition of success, 2) consensus metrics for measuring progress toward success, and 3) a comprehensive feedback learning mechanism.
- NIST Interagency/Internal Report (IR) 7564: Directions in Security Metrics Research
- NIST Special Publication (SP) 800-55: Performance Measurement Guide for Information Security
- "Security Metrics: A Solution in Search of a Problem": This 2008 EDUCAUSE Quarterly article by Joel Rosenblatt describes how the creation and collection of appropriate metrics can enhance an institution's security program. Learn about some potential metrics in the following areas: policy and compliance, network and machine monitoring, outreach and education, legal compliance, authorization and authentication, asset protection, and privacy.
- "Recommended Reading–Security Metrics: Replacing Fear, Uncertainty, and Doubt": In this 2008 EDUCAUSE Quarterly article, Joel Rosenblatt reviews Andrew Jaquith's book, Security Metrics: Replacing Fear, Uncertainty, and Doubt.
Updated October 2012
Library Items on this Topic
EDUCAUSE Library Items for Security Metrics
- Cybersecurity: When Will We Know If What We Are Doing Is Working?
September 4, 2009
© 2009 Clint Kreitner. The text of this article is licensed under the Creative Commons Attribution-NonCommercial-NoDerivs 3.0 License ( http://creativecommons.org/licenses/by-nc-nd/3.0/ …
- Guide for Developing Performance Metrics for Information Security: Recommendations of the National Institute of Standards and Technology
May 19, 2006
This publication focuses on developing and implementing information security metrics for an information security program. The processes and methodologies described in this guidance link informati…
- Corporate Information Security Working Group:
January 1, 2004
The Corporate Information Security Working Group (CISWG) was originally convened in November 2003 by Representative Adam Putnam (R-FL). The Best Practices team surveyed available information secu…