Measuring Cyber Security and Information Assurance: A State of the Art Report

This Information Assurance Technology Analysis Center (IATAC) State of the Art Report (SOAR) provides a representative overview of the current state of the art of the measurement of cyber security and information assurance (CS/IA).  It summarizes the progress made in the CS/IA measurement discipline and advances in CS/IA measurement research since 2000.  Topics addressed include: terms and definitions used to describe CS/IA measurement; standards, guidelines, and best practices for development and implementation of quantitative and qualitative measures and measurement; activities that provide measurable data and statistics; current efforts to make security more measurable through a variety of protocols and enumerations; research within and outside of the Department of Defense existing gaps betweens expectations and the state of the art, with recommendations for filling these gaps.