Useful Cybersecurity Metrics
May/June 2009 (vol. 11 no. 3)
pp. 38-45
Measuring cybersecurity is difficult, but other disciplines can offer important lessons and techniques for building a system that can help test hypotheses about system security.

Index Terms:
Cybersecurity, management, emergent behavior, IT professional
Citation:
Shari Lawrence Pfleeger, "Useful Cybersecurity Metrics," IT Professional, vol. 11, no. 3, pp. 38-45, May-June 2009, doi:10.1109/MITP.2009.63