User:Shawndouglas/sandbox/sublevel3

From LIMSWiki

As previously mentioned, with indicators come metrics. But what tools will be used to acquire those metrics, and will those metrics measure quantitatively or qualitatively?[1] Are the measurement and monitoring tools available, or will they have to be acquired or developed? Can the data from intrusion detection systems and audit logs assist you in developing those metrics?[2] These and other questions must be asked when considering the numbers and measurements associated with an indicator. For many indicators, how to measure progress is relatively clear. A performance indicator such as "mean time to detect" (how long before your business becomes aware of a cybersecurity incident) will be measured in days. An indicator such as "risk classification" (is the risk minor, major, real, etc.) is measured using a non-numerical classification word. For more about cybersecurity metrics, refer to Black et al. and their "Cyber security metrics and measures"[3], as well as the HSSEDI (Homeland Security Systems Engineering and Development Institute) document "Cyber Risk Metrics Survey, Assessment, and Implementation Plan"[4].

References

  1. Marr, B. (2012). "Introduction". Key Performance Indicators (KPI): The 75 Measures Every Manager Needs to Know. Pearson UK. p. xxvii. ISBN 9780273750116. https://books.google.com/books?id=WleQ-F6WC3sC&printsec=frontcover. 
  2. Downing, K. (December 2017). "AHIMA Guidelines: The Cybersecurity Plan" (PDF). American Health Information Management Association. https://journal.ahima.org/wp-content/uploads/2017/12/AHIMA-Guidelines-Cybersecurity-Plan.pdf. Retrieved 23 July 2020. 
  3. Black, P.E.; Scarfone, K.; Souppaya, M. (2008). "Cyber security metrics and measures". In Voeller, J.G. Handbook of Science and Technology for Homeland Security. 5. John Wiley & Sons. doi:10.1002/9780470087923.hhs440. ISBN 9780471761303.
  4. Jones, N.; Tivnan, B. (11 May 2018). "Cyber Risk Metrics Survey, Assessment, and Implementation Plan" (PDF). Homeland Security Systems Engineering and Development Institute. https://www.mitre.org/sites/default/files/publications/pr_18-1246-ngci-cyber-risk-metrics-survey-assessment-and-implementation-plan.pdf. Retrieved 23 July 2020.