In the context of Information Security the process of determining a value requires information about the effectiveness of an information security management system and its associated controls using a measurement method, a measurement function, an analytical model, and decision criteria.
- Measurement function is an algorithm or calculation performed to combine two or more base measures. 
- Measurement method is a logical sequence of operations, described generically, used in quantifying an attribute with respect to a specified scale.  The type of measurement method depends on the nature of the operations used to quantify an attribute. Two types can be distinguished:
- subjective: quantification involving human judgment;
- objective: quantification based on numerical rules.
- Measurement results are one or more indicators and their associated interpretations that address an information need.
- Decision criteria refer to thresholds, targets, or patterns used to determine the need for action or further investigation, or to describe the level of confidence in a given result. 
- Analytical model is algorithm or calculation combining one or more base measures and/or derived measures with associated decision criteria.
- European Climate Adaptation Platform (CLIMATE-ADAPT) Glossary
- DIRECTIVE NATIONALE DE LA SECURITE DES SYSTEMES D'INFORMATION, Marocco 2013
- Ministry of Regional and Local Government, Housing and Rural Development inclusive of Subnational Government, IT Policies, 2012
- GLOSAR de termeni din domeniul ordinii şi siguranţei publice, MINISTERUL ADMINISTRAŢIEI ŞI INTERNELOR DIRECŢIA GENERALĂ ORGANIZARE, PLANIFICARE MISIUNI ŞI RESURSE
- NIST Glossary/ NIST SP 800-55 (superseded)
- ISO/IEC 15939:2007 Systems and software engineering -- Measurement process Cite error: Invalid
<ref>tag; name "iso15939" defined multiple times with different content Cite error: Invalid
<ref>tag; name "iso15939" defined multiple times with different content
- ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary Cite error: Invalid
<ref>tag; name "ISO27000-14" defined multiple times with different content