Issue No.04 - July/August (2010 vol.8)
Shari Pfleeger , RAND Corporation , Arlington
Robert Cunningham , MIT Lincoln Laboratory, Lexington
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2010.60
For many years, we've been trying to measure "security" so that we can increase accountability, demonstrate compliance, and determine whether and by how much our investments in products and processes are making our systems more secure. This article investigates why security measurement is difficult and what strategies might help address our needs.
security and privacy, measurement
Shari Pfleeger, Robert Cunningham, "Why Measuring Security Is Hard", IEEE Security & Privacy, vol.8, no. 4, pp. 46-54, July/August 2010, doi:10.1109/MSP.2010.60