Metrics Definitions


No consensus exists on what security metrics should be used for measuring security effectiveness. This page documents commentary on metrics definitions from external sources.

The Robert Frances Group recently reported in CSO magazine that the companies it surveyed used these metrics definitions:

| Metric | % using |
|---|---|
| Viruses detected in user files | 92.3% |
| Viruses detected in e-mail messages | 92.3% |
| Invalid logins (failed password) | 84.6% |
| Intrusion attempts | 84.6% |
| Spam detected/filtered | 76.9% |
| Unauthorized website access (content filtering) | 69.2% |
| Invalid logins (failed username) | 69.2% |
| Viruses detected on websites | 61.5% |
| Unauthorized access attempts (internal) | 61.5% |
| Admin violations (unauthorized changes) | 61.5% |
| Intrusion successes | 53.8% |
| Unauthorized information disclosures | 38.5% |
| Spam not detected (missed) | 38.5% |
| Spam false positives | 30.8% |

Click on the link above to see the full article.