Metrics of Security

Published

Author(s)

Yi Cheng, Julia Deng, Jason Li, Scott DeLoach, Anoop Singhal, Xinming Ou

Abstract

Discussion of challenges and ways of improving Cyber Situational Awareness dominated our previous chapters. However, we have not yet touched on how to quantify any improvement we might achieve. Indeed, to get an accurate assessment of network security and provide sufficient Cyber Situational Awareness (CSA), simple but meaningful metrics--the focus of the Metrics of Security chapter--are necessary. The adage, "what can't be measured can't be effectively managed," applies here. Without good metrics and the corresponding evaluation methods, security analysts and network operators cannot accurately evaluate and measure the security status of their networks and the success of their operations. In particular, this chapter explores two distinct issues: (i) how to define and use metrics as quantitative characteristics to represent the security state of a network, and (ii) how to define and use metrics to measure CSA from a defender's point of view.
Citation
Cyber Defense and Situational Awareness
Volume
62
Publisher Info
Springer, Dusseldorf, -1

Keywords

attack graphs, risk mitigation, security metrics, vulnerability analysis

Citation

Cheng, Y., Deng, J., Li, J., DeLoach, S., Singhal, A. and Ou, X. (2014), Metrics of Security, Cyber Defense and Situational Awareness, Springer, Dusseldorf, -1, [online], https://doi.org/10.1007/978-3-319-11391-3_13, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=917850 (Accessed April 19, 2024)
Created December 14, 2014, Updated October 12, 2021