Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Information Security and Assurance Metrics (ISAM) A Framework for Defining Security, Assurance, and Associated Technical Metrics

Published

Author(s)

Alicia Clay Jones, Jaime Montemayor, William Blackert, David Carman, Anusha Saksena, Paul Schuster, David Silberberg

Abstract

This report summarizes the results of interviews with a multi-disciplinary group of experts who share an interest in information security and assurance metrics (ISAM). We used their feedback to create a framework or model for developing definitions for security and assurance, and the requirements for making measurements in the context of those definitions. We see this skeleton as a starting point which could be fleshed out through topical workshops or surveys of information security community stakeholders. The initial objectives of either methodology would include improvements to the model, demonstrations of its usefulness in evaluating and extending current research efforts, and, more generally, identification of gaps in the knowledge base that might then be systematically addressed. The long term objective of the effort is to close these gaps through fundamental research advances in fields of knowledge that directly and indirectly support the development of quantitative, technical security metrics for information systems.
Citation
NIST Interagency/Internal Report (NISTIR) -

Keywords

information assurance, information security, metrics

Citation

Clay, A. , Montemayor, J. , Blackert, W. , Carman, D. , Saksena, A. , Schuster, P. and Silberberg, D. (2007), Information Security and Assurance Metrics (ISAM) A Framework for Defining Security, Assurance, and Associated Technical Metrics, NIST Interagency/Internal Report (NISTIR), National Institute of Standards and Technology, Gaithersburg, MD (Accessed April 14, 2024)
Created June 25, 2007, Updated February 17, 2017