Communications of the IIMA


As technology advances and society becomes more dependent on information technology (IT), the exposure to vulnerabilities and threats increases. These threats pertain to industry as well as government information systems. There is, however, a lack in how we measure the performance and create accountability for computer security incident response (CSIR) capabilities. Many government organizations still struggle to determine what security metrics to use and how to find value within these metrics. To fill this apparent gap, a metrics framework has been developed for incident response to serve as an internal analysis, supporting continuous improvement in incident reporting and strengthening the security posture for an organization’s mission. The goal of this metrics framework for CSIR aims to provide a holistic approach towards security metrics, which is specific to incident reporting and promotes efforts of more practical and clear guidelines on measuring the computer security incident response team (CSIRT). An additional benefit to this project is that it provides middle management with a framework for measuring the results of incident reporting in a CSIR program.