
Information Security News mailing list archives
How to measure security? NIST maps out the emerging field of IT metrology
From: InfoSec News <alerts () infosecnews org>
Date: Fri, 11 Sep 2009 03:22:43 -0500 (CDT)
http://gcn.com/articles/2009/09/14/update-1-security-metrics-lacking-for-it-systems.aspx

By William Jackson
GCN.com
Sept. 10, 2009

Information technology security is a hot topic, but attention usually focuses on the lack of it. What is missing is an objective, quantifiable way to effectively measure it.

"Security can be looked at in different ways by different people," said Wayne Jansen, a computer scientist at the National Institute of Standards and Technology's IT Laboratory. There is quality control for code developers, the process of deploying a system, and its maintenance by users.

"These are all different aspects," and they do not lend themselves to traditional methods of measurement used in physical science, he said.

Jansen has examined the status of efforts to develop security metrics, identified challenges and suggested a course for future research in a recent NIST report, "Directions in Security Metrics Research."

There have been a number of efforts to establish metric systems for security, including the international Common Criteria, the Defense Department's Trusted Computer System Evaluation Criteria, the European Communities' Information Technology Security Evaluation Criteria, and the International Systems Security Engineering Association's Systems Security Engineering Capability Maturity Model.

[...]