AOH :: IS1813.HTM

NIST suggests areas for further security metrics research




NIST suggests areas for further security metrics research
NIST suggests areas for further security metrics research



http://gcn.com/articles/2009/03/09/nist-security-metrics.aspx 

By William Jackson
GCN.com
Mar 09, 2009

Computer security is a difficult thing to quantify because, if done 
right, nothing happens. How, then, do you measure what didn't happen?

Nevertheless, meaningful metrics are necessary so security can become a 
reliable, repeatable process with the necessary levels of assurance. The 
National Institute of Standards and Technology (NIST) doesn't have the 
answer for this, but scientists in its Computer Security Division have 
identified some areas for further research they hope might yield 
results.

"Security metrics is an area of computer security that has been 
receiving a good deal of attention lately," the agency said in the draft 
of the new interagency report, titled "Directions in Security Metrics 
Research." "It is not a new topic, but one which receives focused 
interest sporadically."

So far, this interest has not produced many actual metrics that have 
proven useful in practice. "Advancing the state of scientifically sound, 
security measures and metrics would greatly aid the design, 
implementation, and operation of secure information systems," the report 
states.

[...]


_______________________________________________      
Best Selling Security Books and More!
http://www.shopinfosecnews.org/ 

Site design & layout copyright © 1986-2014 CodeGods