Information security measurements are used to facilitate decision-making and improve performance and accountability through the collection, analysis and reporting of relevant cybersecurity performance-related data. The purpose of measuring performance is to monitor the status of measured activities and facilitate improvement in those activities by applying corrective actions based on observed measurements.
The subdomains for this knowledge domain are:
- Security analytics and visualization
- Security metrics, key performance indicators, and benchmarks
- Validation and comparison frameworks for security metrics
- Measurement and assessment of security levels