Towards Metrics for Cyber Security
R. Ford, M. Carvalho, L. Mayron, and M. Bishop, “Towards Metrics for Cyber Security,” 21st EICAR Annual Conference Proceedings pp. 151–159 (May 2012).
There is great interest in the topic of resilient cyber systems. However, much of the accompanying research is clouded by a lack of an appropriate definition of the term “resilience” and the challenges of measuring the actual resilience of a system. In this paper, we examine some of the lessons learned in defining resilience metrics and argue that such metrics are highly contextual, and that a general, quantitative set of metrics for resilience of cyber systems is impractical. Instead, we provide a set of considerations and guidelines for building metrics that are helpful for a particular system.