The report addresses the key issues associated with measuring IT security for private companies. Several classifications of metrics are discussed focusing on the functions of different levels of security management. For the most part, this work examines the pros and cons of common metrics for measuring IT security and provides guidelines for creating own metrics. ‘Own metrics,’ adapted to the corporate environment, are those which security managers have to create and use for the purpose of effective management.
BT - IT4Sec Reports CY - Sofia DA - March 2014 DO - http://dx.doi.org/10.11610/it4sec.0111 LA - eng M1 - 111 N2 -The report addresses the key issues associated with measuring IT security for private companies. Several classifications of metrics are discussed focusing on the functions of different levels of security management. For the most part, this work examines the pros and cons of common metrics for measuring IT security and provides guidelines for creating own metrics. ‘Own metrics,’ adapted to the corporate environment, are those which security managers have to create and use for the purpose of effective management.
PB - Institute of Information and Communication Technologies PP - Sofia PY - 2014 T2 - IT4Sec Reports TI - Enterprise IT security metrics: Classification, examples and characteristics (in Bulgarian) ER -