What is Security Metrics Management in information security?

An information security metric is a measure that tracks and assesses the state of a specific information security process. A metric defines a system of measurement built on quantifiable, repeatable procedures.

Good metrics are SMART, i.e. specific, measurable, attainable, repeatable, and time-dependent. Measurements provide a single-point-in-time view of a specific, discrete factor, while metrics are derived by comparing two or more measurements taken over time against a predetermined baseline. Measurements are generated by counting; metrics are generated by analysis.

Put another way, measurements are objective raw data, and metrics are objective or subjective human interpretations of those data. The measurement method used must be reproducible: it should yield the same result when performed independently by different competent evaluators.

Security metrics are tools that support decision making and improve performance and accountability through the collection, analysis, and reporting of relevant performance-related data.

The purpose of measuring performance is to monitor the status of the measured activities and to drive improvement in those activities through corrective actions based on the observed measurements. While a case can be made for using distinct terms for the more detailed and the more aggregated items, such as 'measures' and 'metrics', this article uses the two terms interchangeably.


For information system security, the measurements relate to the elements of the system that contribute to its security. That is, security metrics apply a measurement method to multiple entities of a system that possess a quantifiable security property, in order to obtain a measured value for each.

A metric produces results that are accumulated in a defined metric database, accessible through standard SQL and JDBC interfaces, to support the following functions −

Risk Management − Metrics that measure threat probability, vulnerability, countermeasure coverage, and asset value yield results that can be used to model risk.

Budget Management − Metrics that determine level of effort, impact, and availability can be converted into dollar costs for the purpose of establishing budgets and computing return on investment.

Audit & Compliance Assessment (Internal or External) − Metrics that measure policy compliance for individual systems or groups of systems yield results that can enrich the reports generated by compliance tools.

Security Operations − Metrics that collect data over time can be used to identify trends that indicate specific actions to be taken by data center operations staff.
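The following Python script is an added example, not code from the original article, that ties together the measurement-versus-metric distinction above and the metric database serving the risk management, compliance, and security operations functions. It assumes a constructed weekly host inventory with per-host critical-patch status, uses an in-memory SQLite database to stand in for "a defined metric database usable through standard SQL", and applies an illustrative risk formula (threat likelihood x asset value x uncovered fraction) that is this example's assumption rather than anything the article prescribes. The measurement is pure counting, so it is order-independent and reproducible; every metric is then derived by analysis in SQL, comparing measurements over time against the earliest week as baseline.

```python
import sqlite3

# Constructed sample data (not from the article): weekly snapshots listing each
# host and whether it is still missing a critical patch.
SNAPSHOTS = {
    "2022-01-03": [("web01", True), ("web02", False), ("db01", True), ("db02", True)],
    "2022-01-10": [("web01", False), ("web02", False), ("db01", True), ("db02", True)],
    "2022-01-17": [("web01", False), ("web02", False), ("db01", False), ("db02", True)],
}


def measure_unpatched(hosts):
    """Measurement: a single-point-in-time count.

    Returns (total_hosts, hosts_missing_critical_patch). The procedure is pure
    counting, so two evaluators given the same inventory, in any order, must
    obtain the same numbers (the reproducibility requirement in the text).
    """
    total = len(hosts)
    unpatched = sum(1 for _, missing in hosts if missing)
    return total, unpatched


def build_store(snapshots):
    """Load one measurement row per snapshot into an in-memory SQLite store."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE measurements (week TEXT PRIMARY KEY, total INTEGER, unpatched INTEGER)"
    )
    for week in sorted(snapshots):
        total, unpatched = measure_unpatched(snapshots[week])
        conn.execute("INSERT INTO measurements VALUES (?, ?, ?)", (week, total, unpatched))
    conn.commit()
    return conn


def compliance_metric(conn):
    """Metric (compliance): percentage of hosts patched, per week, derived in SQL."""
    return conn.execute(
        "SELECT week, ROUND(100.0 * (total - unpatched) / total, 1) "
        "FROM measurements ORDER BY week"
    ).fetchall()


def trend_vs_baseline(conn):
    """Metric (security operations): change in compliance, in percentage points,
    relative to the earliest week, which serves as the predetermined baseline."""
    return conn.execute(
        "SELECT m.week, "
        "ROUND(100.0 * (m.total - m.unpatched) / m.total - "
        "(SELECT 100.0 * (b.total - b.unpatched) / b.total "
        " FROM measurements b ORDER BY b.week LIMIT 1), 1) "
        "FROM measurements m ORDER BY m.week"
    ).fetchall()


def risk_score(conn, likelihood, asset_value):
    """Metric (risk management): illustrative model assumed for this example,
    risk = threat likelihood x asset value x uncovered fraction, where the
    uncovered fraction is the share of hosts still missing the patch in the
    latest measurement (the gap in countermeasure coverage)."""
    unpatched, total = conn.execute(
        "SELECT unpatched, total FROM measurements ORDER BY week DESC LIMIT 1"
    ).fetchone()
    return round(likelihood * asset_value * (unpatched / total), 2)


if __name__ == "__main__":
    store = build_store(SNAPSHOTS)
    for week, rate in compliance_metric(store):
        print(week, f"{rate}% compliant")
    for week, delta in trend_vs_baseline(store):
        print(week, f"{delta:+} points vs baseline")
    print("risk:", risk_score(store, likelihood=0.4, asset_value=100_000))
```

Note that the raw counts stay in the `measurements` table untouched; each metric is a separate query over them, so a second evaluator can rerun the same SQL against the same rows and must get identical results, and a changed baseline week or risk formula alters only the analysis, never the measurements.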

Updated on: 08-Mar-2022


