Developing a Metrics Framework for the Federal Government in Computer Security Incident Response

  • Sritapan V
  • Stewart W
  • Zhu J
  • et al.
N/ACitations
Citations of this article
13Readers
Mendeley users who have this article in their library.

Abstract

As technology advances and society becomes more dependent on information technology (IT), the exposure to vulnerabilities and threats increases. These threats pertain to industry as well as government information systems. There is, however, a lack in how we measure the performance and create accountability for computer security incident response (CSIR) capabilities. Many government organizations still struggle to determine what security metrics to use and how to find value within these metrics. To fill this apparent gap, a metrics framework has been developed for incident response to serve as an internal analysis, supporting continuous improvement in incident reporting and strengthening the security posture for an organization's mission. The goal of this metrics framework for CSIR aims to provide a holistic approach towards security metrics, which is specific to incident reporting and promotes efforts of more practical and clear guidelines on measuring the computer security incident response team (CSIRT). An additional benefit to this project is that it provides middle management with a framework for measuring the results of incident reporting in a CSIR program. [PUBLICATION ABSTRACT]

Cite

CITATION STYLE

APA

Sritapan, V., Stewart, W., Zhu, J., & Rohm, C. E. T. (2014). Developing a Metrics Framework for the Federal Government in Computer Security Incident Response. Communications of the IIMA, 11(3). https://doi.org/10.58729/1941-6687.1170

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Save time finding and organizing research with Mendeley

Sign up for free