Difference between revisions of "Measure"
(→Notes) |
Line 1: | Line 1: | ||
− | For the term which is synonymous to "[[countermeasure]]", "[[safeguard]]" or "[[control]]", please refer to entry [[Control]]. | + | <big>For the term which is synonymous to "[[countermeasure]]", "[[safeguard]]" or "[[control]]", please refer to entry [[Control]].</big> |
==Definitions== | ==Definitions== | ||
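Review bot: on the added line, `<big>` is used only to enlarge the disambiguation sentence. The element is obsolete in HTML5 and carries no meaning, so italic wiki markup, or a hatnote-style template if this wiki has one, would set the note apart from the definition without presentational markup.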
Line 5: | Line 5: | ||
===Standard Definition=== | ===Standard Definition=== | ||
==== ISO standards==== | ==== ISO standards==== | ||
− | Variable to which a value is assigned as the result of measurement <ref> [http://www.iso.org/iso/catalogue_detail.htm?csnumber=44344 ISO/IEC 15939:2007 Systems and software engineering -- Measurement process]</ref>. The term “measures” is used to refer collectively to base measures, derived measures, and indicators <ref name="ISO27000-14"> [http://www.iso.org/iso/home/store/catalogue_ics/catalogue_detail_ics.htm?csnumber=63411 ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary]</ref>. | + | {{definition|Variable to which a value is assigned as the result of measurement <ref> [http://www.iso.org/iso/catalogue_detail.htm?csnumber=44344 ISO/IEC 15939:2007 Systems and software engineering -- Measurement process]</ref>. The term “measures” is used to refer collectively to base measures, derived measures, and indicators <ref name="ISO27000-14"> [http://www.iso.org/iso/home/store/catalogue_ics/catalogue_detail_ics.htm?csnumber=63411 ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary]</ref>.}} |
− | Measurement refers to a process to determine a value <ref name="ISO27000-14"> [http://www.iso.org/iso/home/store/catalogue_ics/catalogue_detail_ics.htm?csnumber=63411 ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary]</ref>. | + | {{definition|Measurement refers to a process to determine a value <ref name="ISO27000-14"> [http://www.iso.org/iso/home/store/catalogue_ics/catalogue_detail_ics.htm?csnumber=63411 ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary]</ref>. }} |
− | |||
− | |||
+ | <big>In the context of [[Information Security]] the process of determining a value requires information about the effectiveness of an [[information security management system]] and its associated [[control|controls]] using a measurement method, a measurement function, an analytical model, and decision criteria. | ||
* Measurement function is algorithm or calculation performed to combine two or more base measures <ref> [http://www.iso.org/iso/catalogue_detail.htm?csnumber=44344 ISO/IEC 15939:2007 Systems and software engineering -- Measurement process]</ref>. | * Measurement function is algorithm or calculation performed to combine two or more base measures <ref> [http://www.iso.org/iso/catalogue_detail.htm?csnumber=44344 ISO/IEC 15939:2007 Systems and software engineering -- Measurement process]</ref>. | ||
* Measurement method is logical sequence of operations, described generically, used in quantifying an attribute with respect to a specified scale <ref> [http://www.iso.org/iso/catalogue_detail.htm?csnumber=44344 ISO/IEC 15939:2007 Systems and software engineering -- Measurement process]</ref>. The type of measurement method depends on the nature of the operations used to quantify an attribute. Two types can be distinguished: | * Measurement method is logical sequence of operations, described generically, used in quantifying an attribute with respect to a specified scale <ref> [http://www.iso.org/iso/catalogue_detail.htm?csnumber=44344 ISO/IEC 15939:2007 Systems and software engineering -- Measurement process]</ref>. The type of measurement method depends on the nature of the operations used to quantify an attribute. Two types can be distinguished: | ||
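Review bot: the `<big>` opened at the start of the added "In the context of [[Information Security]]" line is not closed in that paragraph; the matching `</big>` only appears at the end of the last bullet in the following hunk, so one inline tag spans a paragraph and the whole list. Close it at the end of the paragraph or drop it. Separately, `<ref name="ISO27000-14">` is written out in full on both definition lines; the second use can be the self-closing `<ref name="ISO27000-14" />`.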
Line 16: | Line 15: | ||
* Measurement results are one or more indicators and their associated interpretations that address an information need. | * Measurement results are one or more indicators and their associated interpretations that address an information need. | ||
* Decision criteria refer to thresholds, targets, or patterns used to determine the need for action or further investigation, or to describe the level of confidence in a given result <ref> [http://www.iso.org/iso/catalogue_detail.htm?csnumber=44344 ISO/IEC 15939:2007 Systems and software engineering -- Measurement process]</ref>. | * Decision criteria refer to thresholds, targets, or patterns used to determine the need for action or further investigation, or to describe the level of confidence in a given result <ref> [http://www.iso.org/iso/catalogue_detail.htm?csnumber=44344 ISO/IEC 15939:2007 Systems and software engineering -- Measurement process]</ref>. | ||
− | *Analytical model is algorithm or calculation combining one or more base measures and/or derived measures with associated decision criteria. | + | *Analytical model is algorithm or calculation combining one or more base measures and/or derived measures with associated decision criteria.</big> |
==See also== | ==See also== |
Revision as of 11:36, 17 June 2014
For the term which is synonymous to "countermeasure", "safeguard" or "control", please refer to entry Control.
Definitions
Standard Definition
ISO standards
Variable to which a value is assigned as the result of measurement [1]. The term “measures” is used to refer collectively to base measures, derived measures, and indicators [2].
Measurement refers to a process to determine a value [2].
In the context of Information Security, the process of determining a value requires information about the effectiveness of an information security management system and its associated controls, obtained using a measurement method, a measurement function, an analytical model, and decision criteria.
- A measurement function is an algorithm or calculation performed to combine two or more base measures [3].
- A measurement method is a logical sequence of operations, described generically, used in quantifying an attribute with respect to a specified scale [4]. The type of measurement method depends on the nature of the operations used to quantify an attribute. Two types can be distinguished:
  - subjective: quantification involving human judgment;
  - objective: quantification based on numerical rules.
- Measurement results are one or more indicators and their associated interpretations that address an information need.
- Decision criteria are thresholds, targets, or patterns used to determine the need for action or further investigation, or to describe the level of confidence in a given result [5].
- An analytical model is an algorithm or calculation combining one or more base measures and/or derived measures with associated decision criteria.
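The terms above applied to one constructed metric, critical-patch coverage, as an added example that is not part of the original entry or of the ISO standards. The host records, field names and threshold values are assumptions made for illustration.

```python
# Constructed sample inventory (not real data): one record per host.
HOSTS = [
    {"host": "web-01", "in_scope": True,  "patched_within_sla": True},
    {"host": "web-02", "in_scope": True,  "patched_within_sla": True},
    {"host": "db-01",  "in_scope": True,  "patched_within_sla": True},
    {"host": "db-02",  "in_scope": True,  "patched_within_sla": False},
    {"host": "app-01", "in_scope": True,  "patched_within_sla": True},
    {"host": "lab-01", "in_scope": False, "patched_within_sla": False},
]

# Decision criteria: thresholds in percent (assumed values).
CRITERIA = {"target": 95.0, "investigate_below": 80.0}


def base_measures(hosts):
    """Objective measurement method: count hosts by a fixed numerical rule."""
    in_scope = [h for h in hosts if h["in_scope"]]
    patched = sum(1 for h in in_scope if h["patched_within_sla"])
    return {"hosts_in_scope": len(in_scope), "hosts_patched": patched}


def measurement_function(base):
    """Combine two base measures into one derived measure (a percentage)."""
    if base["hosts_in_scope"] == 0:
        return None  # empty population: no derived measure can be stated
    return 100.0 * base["hosts_patched"] / base["hosts_in_scope"]


def analytical_model(derived, criteria=CRITERIA):
    """Apply the decision criteria to the derived measure to get an indicator."""
    if derived is None:
        return {"indicator": "no-data", "action": "review measurement scope"}
    if derived >= criteria["target"]:
        return {"indicator": "green", "action": "none"}
    if derived >= criteria["investigate_below"]:
        return {"indicator": "amber", "action": "further investigation"}
    return {"indicator": "red", "action": "corrective action"}


def measurement_result(hosts):
    """Indicator plus interpretation, with the measures it was built from."""
    base = base_measures(hosts)
    derived = measurement_function(base)
    return {"base": base, "derived": derived, **analytical_model(derived)}


if __name__ == "__main__":
    print(measurement_result(HOSTS))
```
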
See also
Notes
- [1] ISO/IEC 15939:2007, Systems and software engineering -- Measurement process
- [2] ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary
- [3] ISO/IEC 15939:2007, Systems and software engineering -- Measurement process
- [4] ISO/IEC 15939:2007, Systems and software engineering -- Measurement process
- [5] ISO/IEC 15939:2007, Systems and software engineering -- Measurement process