Welcome to NBlog, the NoticeBored blog

I may meander but I'm 'exploring', not lost

Sep 3, 2009

Directions in Security Metrics Research

NISTIR 7564 "Directions in Security Metrics Research" says:

"Advancing the state of scientifically sound, security measures and metrics (i.e., a metrology for information system security) would greatly aid the design, implementation, and operation of secure information systems."

Hear hear!

"... Enterprise-Level Security Metrics, was included in the most recent Hard Problem List prepared by the INFOSEC Research Council ..."
That I didn't know, but I totally agree: security metrics is indeed a Hard Problem.

If you would like to metricate your ISMS, do take a look at NIST's new paper. The main body is quite short at just 15 pages but covers a wide brief, drawing on metrication practices from other fields. If you are eager to learn more, there are six pages of references to deepen your knowlege still further.