Metrics Are Tools Designed To Research Paper

There are many more quantitative and qualitative metrics that have been engineered to assess and reduce security risk. Some are quantitative, meaning that they are structured according to empirical, mathematical rules (usually from disciplines such as finance), whilst others are qualitative, structured in an experiential manner derived from interviews, observation, and so forth. Each has its benefits and disadvantages.

Uses of security metrics and how organizations benefit from them

The benefits of security metrics fall into three broad classes:

1. Strategic support -- Security metrics help tighten the security of different kinds of organizational decision-making, such as planning programs, product and service selection, and resource allocation.

2. Quality assurance -- Security metrics are used during the software development lifecycle in order to prevent and screen out vulnerabilities, particularly during code production. They do this by executing functions such as measuring the system's adherence to coding standards and identifying vulnerabilities that may exist. They also track down and analyze possible security issues.

3. Tactical oversight -- Security metrics gauge the effectiveness of security controls and manage risk, identify areas for improvement, provide a basis for trend analysis, and monitor the security status of an organization's IT system, ensuring that it complies with security standards (Jansen, n.d.).

In all these ways (and more), metrics are used throughout all IT operations of the organization in order to prevent and screen out vulnerabilities, gauge the effectiveness of security controls and manage risk, identify areas for improvement, and monitor the security status of an organization's IT system so that it complies with security standards.

Metrics benefit the security of the organization in all ways. On a micro scale (as regards the IT system itself), security metrics help ensure the safety and security of the organization's IT system by identifying its potential vulnerabilities...

...

On the macro scale, and as regards the organization as a whole, security metrics enable the organization to improve its security objectives so that no valuable data is corrupted or slips through that jeopardizes the safety of the organization.

Models and their derivative metrics should be repeatedly tested in order to ensure their reliability; namely, metrics should show constant and replicated positive results regardless of the IT system they are applied to. Metrics should also be applicable and timely.

The field of security metrics is enormous and complex, and entire books have been written on the subject (see e.g. Bojanc & Jerman-Blazoc, 2008). Areas of ongoing research seek to improve the estimators of system security as ways of developing new metrics and tightening up the procedures used. They also seek to make metrics as objective as possible in order to screen out human error and bias. Researchers are also working to offer a more systematic and rapid means of obtaining meaningful measurements whilst seeking to broaden their understanding and insight into the development of further models and the improvement of existing models and metrics.

References

Bojanc, R. & Jerman-Blazoc, B. (2008). An economic modeling approach to information security risk management. International Journal of Information Management, 28, 413-422.

Chowdhary, A., & Mezzeapelle, M.A. (n.d.). Information security metrics. Hewlett Packard.

Jansen, W. (n.d.). Directions in security metrics research. National Institute of Standards and Technology (NIST). http://csrc.nist.gov/publications/nistir/ir7564/nistir-7564_metrics-research.pdf

Pedro, G.L., & Ashutosh, S. (2010). An approach to quantitatively measure information security. 3rd India Software Engineering Conference, Mysore, 25-27.

Swanson, M. et al. Security Metrics Guide for Information Technology Systems. NIST Special Publication 800-55. http://cid-7086a6423672c497.skydrive.live.com/self.aspx/.Public/NIST%20SP%20800-55.pdf

Cite this Document:

"Metrics Are Tools Designed To" (2012, February 07) Retrieved April 18, 2024, from
https://www.paperdue.com/essay/metrics-are-tools-designed-to-54066

