Issue No.03 - May/June (2009 vol.11)
pp: 38-45
ABSTRACT
Measuring cybersecurity is difficult, but other disciplines can offer important lessons and techniques for building a system that can help test hypotheses about system security.
INDEX TERMS
Cybersecurity, management, emergent behavior, IT professional
CITATION
Shari Lawrence Pfleeger, "Useful Cybersecurity Metrics", IT Professional, vol.11, no. 3, pp. 38-45, May/June 2009, doi:10.1109/MITP.2009.63