Welcome to the SecAware blog

I spy with my beady eye ...

3 Sept 2009

Directions in Security Metrics Research

NISTIR 7564 "Directions in Security Metrics Research" says:

"Advancing the state of scientifically sound, security measures and metrics (i.e., a metrology for information system security) would greatly aid the design, implementation, and operation of secure information systems."

Hear hear!

"... Enterprise-Level Security Metrics, was included in the most recent Hard Problem List prepared by the INFOSEC Research Council ..."
That I didn't know, but I totally agree: security metrics is indeed a Hard Problem.

If you would like to metricate your ISMS, do take a look at NIST's new paper. The main body is quite short at just 15 pages but covers a wide brief, drawing on metrication practices from other fields. If you are eager to learn more, there are six pages of references to deepen your knowledge still further.


  1. Very useful - thanks for the link Gary.
