Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Measuring Security Risk in Enterprise Networks


Enterprise networks have become essential to the operation of companies, laboratories, universities, and government agencies. As they continue to grow both in size and complexity, their security has become a critical concern. Vulnerabilities are regularly discovered in software applications which are exploited to stage cyber attacks. There is no objective way to measure the security of an enterprise network. As a result it is difficult to answer such objective questions as "are we more secure than yesterday" or "how should we invest our limited resources to improve security" or "how does this vulnerability impact the overall security of my system". By increasing security spending an organization can decrease the risk associated with security breaches. However, to do this tradeoff analysis there is a need for quantitative models of security instead of the current qualitative models. The objective of our research is to develop models and metrics that can be used to objectively assess the security of an enterprise network.

Project formerly named: Techniques for Security Risk Analysis of Enterprise Networks


For more information regarding the Measuring Security Risk in Enterprise Networks (formerly name: Techniques for Security Risk Analysis of Enterprise Networks), please visit the Computer Security Resource Center (CSRC).

Created June 24, 2009, Updated January 24, 2022