Metrics are tools designed to facilitate decision-making and improve performance and accountability through collection, analysis, and reporting of relevant performance-related data. IT Security Metrics are metrics based on IT security performance goals and objectives. [Source: NIST SP 800-55]
Suggested Resources
- HEISC Resource: A Guide to Effective Security Metrics (part of the Information Security Guide)
- Center for Internet Security (CIS) Consensus Information Security Metrics: Organizations struggle to make cost-effective security investment decisions, in part because information security professionals lack widely accepted, unambiguous metrics for supporting their decisions. To address the need for clear security metrics, CIS established a consensus group of industry experts. The result? A set of Consensus Security Metrics and data set definitions that can be used across organizations to collect and analyze data on security outcomes and process performance.
- "Cybersecurity: When Will We Know If What We Are Doing Is Working?": This 2009 EDUCAUSE Review article by Clint Kreitner proposes a conceptual vision/framework for three essential elements: 1) a widely accepted definition of success, 2) consensus metrics for measuring progress toward success, and 3) a comprehensive feedback learning mechanism.
- NIST Interagency/Internal Report (IR) 7564: Directions in Security Metrics Research
- NIST Special Publication (SP) 800-55: Performance Measurement Guide for Information Security
- "Security Metrics: A Solution in Search of a Problem": This 2008 EDUCAUSE Quarterly article by Joel Rosenblatt describes how the creation and collection of appropriate metrics can enhance an institution's security program. Learn about some potential metrics in the following areas: policy and compliance, network and machine monitoring, outreach and education, legal compliance, authorization and authentication, asset protection, and privacy.
- "Recommended Reading–Security Metrics: Replacing Fear, Uncertainty, and Doubt": In this 2008 EDUCAUSE Quarterly article, Joel Rosenblatt reviews Andrew Jaquith's book, Security Metrics: Replacing Fear, Uncertainty, and Doubt.
Updated October 2012
Library Items on this Topic
EDUCAUSE Library Items for Security Metrics
- IT Service Metrics 101 (January 28, 2013)
  Key Takeaways: These guidelines to service metrics explain what to measure and how, when, and why to measure it. Trends reveal the most about services and performan…
- Directions in Security Metrics Research (August 20, 2009)
  More than 100 years ago, Lord Kelvin insightfully observed that measurement is vital to deep knowledge and understanding in physical science. During the last few decades, researchers have made va…
- Cybersecurity: When Will We Know If What We Are Doing Is Working? (September 4, 2009)
  © 2009 Clint Kreitner. The text of this article is licensed under the Creative Commons Attribution-NonCommercial-NoDerivs 3.0 License ( http://creativecommons.org/licenses/by-nc-nd/3.0/ …
- Recommended Reading (August 4, 2008)
  Recommended Reading. EDUCAUSE Quarterly, vol. 31, no. 3 (July–September 2008). Security Metrics: Replacing Fear, Uncertainty, and Doubt. Andrew Jaquith. Addison Wesley, 2007…
- Security Metrics: A Solution in Search of a Problem (August 4, 2008)
  © 2008 Joel Rosenblatt. The text of this article is licensed under the Creative Commons Attribution-Share Alike 3.0 license ( http://creativecommons.org/licenses/by-sa/3.0/ ). EDUCAUSE Qu…
- Complete Guide to Security and Privacy Metrics: Measuring Regulatory Compliance, Operational Resilience, and ROI - Book Review (August 29, 2007)
  Complete Guide to Security and Privacy Metrics: Measuring Regulatory Compliance, Operational Resilience, and ROI. Debra S. Herrmann. Auerbach Publications, 2007. $119.95 (hardcover), 824 pp…
- A Few Good Metrics (July 21, 2005)
  Information security metrics don't have to rely on heavy-duty math to be effective, but they also don't have to be dumbed down to red, yellow, green. Here are five smart measurements—…
- A Guide to Security Metrics (June 22, 2006)
  The pressure is on. Various surveys indicate that over the past several years computer security has risen in priority for many organizations. Spending on IT security has increased significantly i…
- Addressing Information Security Risk (January 1, 2005)
  Current Issues: Addressing Information Security Risk. A journey, not a destination, security work is never done—the challenges just keep coming. By Mohammad H. Qayoumi and Carol Woo…
- Evaluating Computer-Related Incidents on Campus (January 1, 2004)
  Research in Brief: Evaluating Computer-Related Incidents on Campus. The CIFAC Project looks at current trends in how incidents are discussed, categorized, and managed. By Daniel Roths…

















