Metrics are tools designed to facilitate decision-making and improve performance and accountability through collection, analysis, and reporting of relevant performance-related data. IT Security Metrics are metrics based on IT security performance goals and objectives. [Source: NIST SP 800-55]
- 7 Things You Should Know About Information Security Metrics (January 2014)
- HEISC Resource: A Guide to Effective Security Metrics (part of the Information Security Guide)
- ECAR Research Bulletin: Measuring the Effectiveness of Security Awareness Programs
- Center for Internet Security (CIS) Consensus Information Security Metrics: Organizations struggle to make cost-effective security investment decisions, in part because information security professionals lack widely accepted, unambiguous metrics for supporting their decisions. To address the need for clear security metrics, CIS established a consensus group of industry experts. The result? A set of Consensus Security Metrics and data set definitions that can be used across organizations to collect and analyze data on security outcomes and process performance.
- "Cybersecurity: When Will We Know If What We Are Doing Is Working?": This 2009 EDUCAUSE Review article by Clint Kreitner proposes a conceptual vision/framework for three essential elements: 1) a widely accepted definition of success, 2) consensus metrics for measuring progress toward success, and 3) a comprehensive feedback learning mechanism.
- NIST Interagency/Internal Report (IR) 7564: Directions in Security Metrics Research
- NIST Special Publication (SP) 800-55: Performance Measurement Guide for Information Security
- "Security Metrics: A Solution in Search of a Problem": This 2008 EDUCAUSE Quarterly article by Joel Rosenblatt describes how the creation and collection of appropriate metrics can enhance an institution's security program. Learn about some potential metrics in the following areas: policy and compliance, network and machine monitoring, outreach and education, legal compliance, authorization and authentication, asset protection, and privacy.
- "Recommended Reading–Security Metrics: Replacing Fear, Uncertainty, and Doubt": In this 2008 EDUCAUSE Quarterly article, Joel Rosenblatt reviews Andrew Jaquith's book, Security Metrics: Replacing Fear, Uncertainty, and Doubt.
Library Items on this Topic
EDUCAUSE Library Items for Security Metrics
- What's Your Number? Measuring the Maturity of Your Security Program with HEISC's New Assessment Tool
October 16, 2013
A session at the EDUCAUSE Annual Conference 2013
Do you know how mature your security program is? EDUCAUSE has developed an enhanced information security program assessment tool to help you gauge your program. This session will introduce the new …
- Security Assessments for Information Technology
October 20, 2005
A session at the EDUCAUSE 2005 Annual Conference
Baylor University recently conducted a campus-wide information technology security assessment. The session will present the assessment process, from choosing a consultant to remediation of the asse…