A metric is “a defined measurement method and measurement scale, which is used in relation to a quantitative service level objective.”
A metric is “[a] quality of service delivery parameter such as delay, packet loss, data rates, and availability.”
A metric is an algorithm or specific procedure whereby the outcome is used as a measure or measurement. It is a means of measuring and predicting aspects of processes, resources, and products that are relevant to the business activity.
IT security metrics must be based on IT security performance goals and objectives. IT security performance goals state the desired results of a system security program implementation. IT security performance objectives enable accomplishment of goals by identifying practices defined by security policies and procedures that direct consistent implementation of security controls across the organization. IT security metrics monitor the accomplishment of the goals and objectives by quantifying the level of implementation of the security controls and the effectiveness and efficiency of the controls, analyzing the adequacy of security activities and identifying possible improvement actions.
- Cloud Service Level Agreement Standardisation Guidelines, at 13.
- Unified Capabilities, Framework 2013, App. C, at C-28 (full-text).
- Report on Cybersecurity Practices, at 46 n.9.
- NIST Special Publication 800-55.
- Framework for Improving Critical Infrastructure Cybersecurity (Draft Ver. 1.1), at 48.