Information Security and Assurance Metrics (ISAM) A Framework for Defining Security, Assurance, and Associated Technical Metrics
Published
Author(s)
Alicia Clay Jones, Jaime Montemayor, William Blackert, David Carman, Anusha Saksena, Paul Schuster, David Silberberg
Abstract
This report summarizes the results of interviews with a multi-disciplinary group of experts who share an interest in information security and assurance metrics (ISAM). We used their feedback to create a framework or model for developing definitions for security and assurance, and the requirements for making measurements in the context of those definitions. We see this skeleton as a starting point which could be fleshed out through topical workshops or surveys of information security community stakeholders. The initial objectives of either methodology would include improvements to the model, demonstrations of its usefulness in evaluating and extending current research efforts, and, more generally, identification of gaps in the knowledge base that might then be systematically addressed. The long-term objective of the effort is to close these gaps through fundamental research advances in fields of knowledge that directly and indirectly support the development of quantitative, technical security metrics for information systems.
Keywords
information assurance, information security, metrics
Citation
Clay, A., Montemayor, J., Blackert, W., Carman, D., Saksena, A., Schuster, P. and Silberberg, D. (2007), Information Security and Assurance Metrics (ISAM) A Framework for Defining Security, Assurance, and Associated Technical Metrics, NIST Interagency/Internal Report (NISTIR), National Institute of Standards and Technology, Gaithersburg, MD (Accessed October 12, 2025)