This Article 
 Bibliographic References 
 Add to: 
Metrics for Mitigating Cybersecurity Threats to Networks
January/February 2010 (vol. 14 no. 1)
pp. 64-71
Norman Schneidewind, Naval Postgraduate School
To achieve their full potential, networks must be secure as well as functional. With this in mind, the author identifies metrics designed to mitigate vulnerabilities to cyberattacks in networks that are key to the critical infrastructure of the US. He discusses both growth metrics — based on data obtained from the US National Institute of Standards and Technology and Department of Homeland Security vulnerability database — and metrics designed to mitigate the risk of security vulnerabilities in networks. If used together, these two types of metrics can help make networks more secure.

1. J. Moteff and P. Parfomak, "Critical Infrastructure and Key Assets: Definition and Identification," Congressional Research Service Report for Congress, 1 Oct. 2004.
2. "A Crisis of Prioritization," President's Information Technology Advisory Committee, Feb. 2005.
3. "Department of Homeland Security Faces Challenges in Fulfilling Cybersecurity Responsibilities," report to congressional requesters, US Government Accountability Office, May 2005.
4. B. Cashell et al., "The Economic Impact of Cyber Attacks," Congress Research Service Report for Congress, 1 Apr. 2004.
5. Diversification of Cyber Threats, Inst. for Security Technology Studies, Dartmouth College, May 2002.
6. C. Mitchell and C. Decker, "Applying Risk-Based Decision-Making Methods and Tools to US Navy Antiterrorism Capabilities," J. Homeland Security, Feb. 2004.
7. A.D. Korzyk Sr. and J.G. VanDyke, "A Forecasting Model for Internet Security Attacks," Proc. 21st Nat'l Information Systems Security Conf. (NISSC 98), 1998.
8. P. Mell, K. Scarfone, and S. Romanosky, A Complete Guide to the Common Vulnerability Scoring System, Version 2.0, June 2007.
9. W. Yurcik, D. Loomis, and A.D. Korzyk Sr., "Predicting Internet Attacks: On Developing An Effective Measurement Methodology," Proc. 18th Ann. Int'l Communications Forecasting Conf. (ICFC 2000), 2000.
10. W. Yurcik and D. Doss, Internet Attacks: A Policy Framework for Rules of Engagement, Dept. of Applied Computer Science, Illinois State Univ., 2001.

Index Terms:
cybersecurity metrics, networks, network security
Norman Schneidewind, "Metrics for Mitigating Cybersecurity Threats to Networks," IEEE Internet Computing, vol. 14, no. 1, pp. 64-71, Jan.-Feb. 2010, doi:10.1109/MIC.2010.14
Usage of this product signifies your acceptance of the Terms of Use.