Measuring Information Security: Understanding And Selecting Appropriate Metrics
Perpétus Jacques Houngbo, Joël Toyigbé Hounsou
Pages - 108 - 120     |    Revised - 31-03-2015     |    Published - 30-04-2015
Volume - 9   Issue - 2    |    Publication Date - March / April 2015
Information Quality, Measurement, Metric, Performance.
Thanks to frequent newspaper reports of data leaks, advocating for information security is no longer that difficult. On the practical side, however, information security professionals usually have a tough time when they must demonstrate the value of information security to their organizations: so many metrics are available that making the right selection is far from obvious. This paper is about understanding the metrics that are available and discussing how to use them in some specific less developed economies.
Mr. Perpétus Jacques Houngbo
Institut de Mathématiques et de Sciences Physiques (IMSP) - Benin
Dr. Joël Toyigbé Hounsou
Institut de Mathématiques et de Sciences Physiques (IMSP) Dangbo, Benin - Benin
