Issue No. 04 - July/August (2010 vol. 8)
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2010.60
Shari Pfleeger , RAND Corporation , Arlington
Robert Cunningham , MIT Lincoln Laboratory, Lexington
For many years, we've been trying to measure "security" so that we can increase accountability, demonstrate compliance, and determine whether and by how much our investments in products and processes are making our systems more secure. This article investigates why security measurement is difficult and what strategies might help address our needs.
security and privacy, measurement
S. Pfleeger and R. Cunningham, "Why Measuring Security Is Hard," in IEEE Security & Privacy, vol. 8, no. , pp. 46-54, 2010.