Title: Enterprise IT security metrics: Classification, examples and characteristics (in Bulgarian)
Author: Veselin Monev
Published: March 2014, Institute of Information and Communication Technologies, Sofia
Keywords: characteristics; classification; company; expected annual lose; incident; IT security; management; matrix; measure; Metric; metrics; Risk; Vulnerabilities
Abstract:
The report addresses the key issues associated with measuring IT security for private companies. Several classifications of metrics are discussed, focusing on the functions of different levels of security management. For the most part, this work examines the pros and cons of common metrics for measuring IT security and provides guidelines for creating one's own metrics. ‘Own metrics,’ adapted to the corporate environment, are those which security managers have to create and use for the purpose of effective management.