Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Metrics of Security

Published

Author(s)

Yi Cheng, Julia Deng, Jason Li, Scott DeLoach, Anoop Singhal, Xinming Ou

Abstract

Discussion of challenges and ways of improving Cyber Situational Awareness dominated our previous chapters. However, we have not yet touched on how to quantify any improvement we might achieve. Indeed, to get an accurate assessment of network security and provide sufficient Cyber Situational Awareness (CSA), simple but meaningful metrics--the focus of the Metrics of Security chapter--are necessary. The adage, "what can't be measured can't be effectively managed," applies here. Without good metrics and the corresponding evaluation methods, security analysts and network operators cannot accurately evaluate and measure the security status of their networks and the success of their operations. In particular, this chapter explores two distinct issues: (i) how to define and use metrics as quantitative characteristics to represent the security state of a network, and (ii) how to define and use metrics to measure CSA from a defender's point of view.
Citation
Cyber Defense and Situational Awareness
Volume
62
Publisher Info
Springer, Dusseldorf, -1

Keywords

attack graphs, risk mitigation, security metrics, vulnerability analysis

Citation

Cheng, Y. , Deng, J. , Li, J. , DeLoach, S. , Singhal, A. and Ou, X. (2014), Metrics of Security, Cyber Defense and Situational Awareness, Springer, Dusseldorf, -1, [online], https://doi.org/10.1007/978-3-319-11391-3_13, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=917850 (Accessed June 12, 2024)

Issues

If you have any questions about this publication or are having problems accessing it, please contact reflib@nist.gov.

Created December 14, 2014, Updated October 12, 2021