Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Security Metrics: Measurements to Support the Continued Development of Information Security Technology



Shirley M. Radack


This bulletin summarizes the information that was presented in NIST Interagency Report (NISTIR)7564, Directions in Security Metrics Research, by Wayne Jansen. The publication examines past efforts to develop security measurements that could help organizations make informed decisions about the design of systems, the selection of controls, and the efficiency of security operations. The author points to possible areas of future research that could lead to improved metrics. The bulletin summarizes portions of the publication that explain security metrics, and the aspects of security measurements that help organizations establish and maintain secure systems. Also included in the bulletin are descriptions of the areas of needed research, which could provide solutions to he difficult problems experienced in using security metrics, and that could lead to the development of improved security metrics.
ITL Bulletin -


formal methods, information security, information system security, metrics research, security evaluation, security measurements, security metrics


Radack, S. (2010), Security Metrics: Measurements to Support the Continued Development of Information Security Technology, ITL Bulletin, National Institute of Standards and Technology, Gaithersburg, MD, [online], (Accessed June 18, 2024)


If you have any questions about this publication or are having problems accessing it, please contact

Created January 27, 2010, Updated February 19, 2017