18 ◾ Information Security Metrics
e practical considerations for security metric measurement include
1. What is being measured?
2. Why is it being measured?
3. How it is being measured?
4. When was it measured?
5. Where was it measured?
6. Who is it being measured for?
7. What does it mean?
8. To whom?
In the following chapters we will endeavor to identify the current approaches to
various security metrics. en, we subsequently propose another perspective that
will hopefully be more useful for security management.
2.4 Monitoring vs. Metrics
Monitoring and metrics are often spoken in the same breath but are obviously quite
different. From a management perspective, both can serve the same purpose of pro-
viding information to guide a