Security Automation & Measurement
Public-private collaboration is enabling the maturation and adoption of security automation and measurement processes and capabilities. With sponsorship through U.S. Federal agencies, technical leadership of MITRE’s security automation efforts, and collaboration forums with government, industry, and academic stakeholders, the IT security community is:
- improving the measurability of security through registries of baseline security data,
- providing standardized languages as a means for accurately communicating the information,
- defining proper usage, and
- helping to establish community approaches for standardized processes.
Other activities and initiatives have similar concepts or compatible approaches. Together these efforts are helping to make security more measurable by defining the concepts that need to be measured, providing for high-fidelity communication about the measurements, and providing for the sharing of both the measurements and the definitions of what to measure. Details about these efforts are found at Making Security Measurable.
More Information
Making Security Measurable and Manageable provides a perspective for recasting cybersecurity practices using architecture and systems engineering principles.
Current Collection of All Security Standardization Efforts
- Languages/Formats
- Registries
- Compatible Usage
- Standardized Processes
- Organizations Supporting Standards
- Standards Bodies
Making Security Measurable Events & Participation
Resources for Security Automation & Measurement
Cyber Security Measurement and Management Architecture (PDF)
Benefits of Making Security Measurable (PDF)
White Paper: Making Security Measurable and Manageable (PDF)
Making Security Measurable: Current Collection of All Standards Efforts (PDF)
Practical Measurement Framework for Software Assurance and Information Security (PDF)
Measuring Cyber Security and Information Assurance: State-of-the-Art Report (SOAR) (PDF)
Center for Internet Security (CIS) Security Metrics (PDF)
Getting Started in Software Assurance (SwA) (HTML)