Designing good security metrics
This paper begins with an introduction to security metrics, describing the need for security metrics, followed by a discussion of the nature of security metrics, including the challenges found with some security metrics used in the past. The paper then discusses what makes a good security metric and proposes a rigorous step-by-step method that can be applied to design good security metrics, and to test existing security metrics to see if they are good metrics. Application examples are included to illustrate the method.
|Keywords||Designing, Good security metrics, Security metrics, Testing, Weaknesses|
|Conference||43rd IEEE Annual Computer Software and Applications Conference, COMPSAC 2019|
Yee, G.O.M. (2019). Designing good security metrics. In Proceedings - International Computer Software and Applications Conference (pp. 580–585). doi:10.1109/COMPSAC.2019.10270