Litcius/Paper detail

The need for cybersecurity data and metrics: empirically assessing cyberthreat

Brandon Valeriano

2022Journal of Cyber Policy5 citationsDOI

Abstract

Without assessment metrics and data, the cybersecurity community maintains no ability to evaluate the success or scope of operations. Calls for the collection of cybersecurity indicators are empty without strategic guidance on what indicators to collect, for what purpose, and for what method of analysis. This paper reviews the purpose, function and need for cybersecurity data and metrics with an in-depth review of United States metrics guidance offered in the National Defense Authorisation Act (NDAA) and National Institute of Standards and Technology (NIST) publications on metrics. Mission assessment is critical to evaluate the efficacy of ongoing and future cybersecurity efforts; assessments require quantitative metrics that place concrete values on indicators rather than subjective judgments.

Topics & Concepts

Computer securityComputer scienceData breachData scienceInternet privacyInformation and Cyber SecurityCybersecurity and Cyber Warfare StudiesCybercrime and Law Enforcement Studies
The need for cybersecurity data and metrics: empirically assessing cyberthreat | Litcius