期刊名称:International Journal of Computer Science Issues
印刷版ISSN:1694-0784
电子版ISSN:1694-0814
出版年度:2011
卷号:8
期号:2
出版社:IJCSI Press
摘要:It is common wisdom that any process that cannot be measured cannot be managed. This applies to security as well. Security metrics are assuming tremendous importance as they are vital for assessing the current security status, to develop operational best practices and for guiding future security research. This topic is very relevant at a time when organizations are coming under increasing pressure requiring them to demonstrate due assiduousness when protecting the data assets of themselves and their customers. In these circumstances metrics can give the organizations a way to prioritize threats and vulnerabilities and the risks they pose to enterprise information assets. This paper propounds a stakeholder based model of security metrics.
