Abstract
Measurement for measurement’s sake is a waste of time and money. It is not unusual for people to measure things simply because somebody—some edict or some policy—stipulates that things should be measured. Yes, measurement certainly has a role to play in making successful cybersecurity happen. But unless this role is thought through, measurement can degenerate into a meaningless exercise. This chapter describes a measurement approach that can help an enterprise assess the effectiveness of its cybersecurity program.
Keywords
Expert Judgment Functional Area Measurement Approach Risk Mitigation Intended Audience
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
Copyright information
© Scott E. Donaldson, Stanley G. Siegel, Chris K. Williams, and Abdul Aslam 2015