Difference between revisions of "Measure"

From CIPedia
(ISO standards)
(18 intermediate revisions by the same user not shown)
Line 9: Line 9:
 
{{definition|Mesure: Moyen de gérer un risque, et pouvant être de nature administrative, technique, gestionnaire ou juridique. <ref>[http://www.dgssi.gov.ma/uploads/media/DIRECTIVE_NATIONALE_DE_LA_SECURITE_DES_SYSTEMES_D_INFORMATION.pdf DIRECTIVE NATIONALE DE LA SECURITE DES SYSTEMES D'INFORMATION, Marocco 2013]</ref>}}<br/><br/>
 
{{definition|Mesure: Moyen de gérer un risque, et pouvant être de nature administrative, technique, gestionnaire ou juridique. <ref>[http://www.dgssi.gov.ma/uploads/media/DIRECTIVE_NATIONALE_DE_LA_SECURITE_DES_SYSTEMES_D_INFORMATION.pdf DIRECTIVE NATIONALE DE LA SECURITE DES SYSTEMES D'INFORMATION, Marocco 2013]</ref>}}<br/><br/>
 
==== [[Namibia]] ====
 
==== [[Namibia]] ====
{{definition|“Measures”: there is a difference between preventive and corrective measures. ''Preventative Measures'': Are the measures taken to prevent a security breach. ''Corrective Measures'': Is the action taken, after a security breach, has occurred. <ref>[http://www.kavangoeastrc.gov.na/documents/186712/293549/MRLGH+and+subnational+policies.pdf/77d5b97f-1f64-4264-9363-1c07be4ddf23 Ministry of Regional and Local Government, Housing and Rural Development inclusive of Subnational Government, IT Policies, 2012]</ref>}}<br/><br />
+
{{definition|“Measures”: there is a difference between preventive and corrective measures. ''Preventative Measures'': Are the measures taken to prevent a security breach. ''Corrective Measures'': Is the action taken, after a security breach, has occurred. <ref>[http://www.kavangoeastrc.gov.na/documents/186712/293549/MRLGH+and+subnational+policies.pdf/77d5b97f-1f64-4264-9363-1c07be4ddf23 Ministry of Regional and Local Government, Housing and Rural Development inclusive of Subnational Government, IT Policies, 2012]</ref>}}<br/><br/>
 
 
  
 
==== [[Romania]] ====
 
==== [[Romania]] ====
 
{{definition|Măsură (utilizat preponderent la plural): Procedeu/mijloc întrebuinţat, hotărâre luată, dispoziţie dată - pentru realizarea unui scop precis.  <ref>[http://www.editura.mai.gov.ro/documente/biblioteca/2006/Glosar%20de%20termeni%20din%20domeniul%20ordinii%20publice/GLOSAR%20OP.pdf GLOSAR de termeni din domeniul ordinii şi siguranţei publice, MINISTERUL ADMINISTRAŢIEI ŞI INTERNELOR DIRECŢIA GENERALĂ ORGANIZARE, PLANIFICARE MISIUNI ŞI RESURSE]</ref>}}<br/><br/>
 
{{definition|Măsură (utilizat preponderent la plural): Procedeu/mijloc întrebuinţat, hotărâre luată, dispoziţie dată - pentru realizarea unui scop precis.  <ref>[http://www.editura.mai.gov.ro/documente/biblioteca/2006/Glosar%20de%20termeni%20din%20domeniul%20ordinii%20publice/GLOSAR%20OP.pdf GLOSAR de termeni din domeniul ordinii şi siguranţei publice, MINISTERUL ADMINISTRAŢIEI ŞI INTERNELOR DIRECŢIA GENERALĂ ORGANIZARE, PLANIFICARE MISIUNI ŞI RESURSE]</ref>}}<br/><br/>
 +
====[[United States]]====
 +
===== [[NIST]]=====
 +
{{definition|Measures: the results of data collection, analysis, and reporting <ref>[https://csrc.nist.gov/glossary/term/Operational-technology NIST Glossary/ NIST SP 800-55 (superseded)]</ref>}}<br/><br/>
 +
 
===Standard Definition===
 
===Standard Definition===
 
==== [[ISO|ISO standards]]====
 
==== [[ISO|ISO standards]]====
{{definition|Variable to which a value is assigned as the result of measurement <ref> [http://www.iso.org/iso/catalogue_detail.htm?csnumber=44344 ISO/IEC 15939:2007 Systems and software engineering -- Measurement process]</ref>. The  term  “measures”  is  used  to  refer  collectively  to  base  measures,  derived  measures, and indicators. <ref name="ISO27000-14"> [http://www.iso.org/iso/home/store/catalogue_ics/catalogue_detail_ics.htm?csnumber=63411 ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary]</ref>}}<br />
+
{{definition|Variable to which a value is assigned as the result of measurement. <ref name=iso15939>[http://www.iso.org/iso/catalogue_detail.htm?csnumber=44344 ISO/IEC 15939:2007 Systems and software engineering -- Measurement process]</ref> The  term  “measures”  is  used  to  refer  collectively  to  base  measures,  derived  measures, and indicators. <ref name="ISO27000-14A">[http://www.iso.org/iso/home/store/catalogue_ics/catalogue_detail_ics.htm?csnumber=63411 ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary]</ref>}}<br />
  
{{definition|Measurement refers to a process to determine a value. <ref name="ISO27000-14"> [http://www.iso.org/iso/home/store/catalogue_ics/catalogue_detail_ics.htm?csnumber=63411 ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary]</ref> }}<br />
+
{{definition|Measurement refers to a process to determine a value. <ref name="ISO27000-14A">[http://www.iso.org/iso/home/store/catalogue_ics/catalogue_detail_ics.htm?csnumber=63411 ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary]</ref>}}<br />
<big>In the context of  [[Information  Security]] the process of determining a value requires information about the effectiveness of an [[information security management system]] and its associated [[control|controls]] using a measurement method, a measurement function, an analytical model, and decision criteria.
+
<big>In the context of  [[Information  Security]] the process of determining a value requires information about the effectiveness of an information security management system and its associated [[control|controls]] using a measurement method, a measurement function, an analytical model, and decision criteria.
* Measurement function is algorithm or calculation performed to combine two or more base measures. <ref> [http://www.iso.org/iso/catalogue_detail.htm?csnumber=44344 ISO/IEC 15939:2007 Systems and software engineering -- Measurement process]</ref>
+
* Measurement function is an algorithm or calculation performed to combine two or more base measures. <ref name=iso15939>[http://www.iso.org/iso/catalogue_detail.htm?csnumber=44344 ISO/IEC 15939:2007 Systems and software engineering -- Measurement process]</ref>
* Measurement method is logical sequence of operations, described generically, used in quantifying an attribute with respect to a specified scale <ref> [http://www.iso.org/iso/catalogue_detail.htm?csnumber=44344 ISO/IEC 15939:2007 Systems and software engineering -- Measurement process]</ref>. The type of measurement method depends on the nature of the operations used to quantify an attribute. Two types can be distinguished:
+
* Measurement method is a logical sequence of operations, described generically, used in quantifying an attribute with respect to a specified scale. <ref name=iso15939>[http://www.iso.org/iso/catalogue_detail.htm?csnumber=44344 ISO/IEC 15939:2007 Systems and software engineering -- Measurement process]</ref> The type of measurement method depends on the nature of the operations used to quantify an attribute. Two types can be distinguished:
 
:* subjective: quantification involving human judgment;
 
:* subjective: quantification involving human judgment;
 
:* objective: quantification based on numerical rules.
 
:* objective: quantification based on numerical rules.
* Measurement results are one or more indicators and their associated interpretations that address an information need.
+
* Measurement results are one or more indicators and their associated interpretations that address an information need.
* Decision criteria refer to thresholds,  targets,  or patterns used to determine the need for action or further investigation, or to describe the level of confidence in a given result <ref> [http://www.iso.org/iso/catalogue_detail.htm?csnumber=44344 ISO/IEC 15939:2007 Systems and software engineering -- Measurement process]</ref>.
+
* Decision criteria refer to thresholds,  targets,  or patterns used to determine the need for action or further investigation, or to describe the level of confidence in a given result. <ref name=iso15939>[http://www.iso.org/iso/catalogue_detail.htm?csnumber=44344 ISO/IEC 15939:2007 Systems and software engineering -- Measurement process]</ref>
 
*Analytical model is algorithm or calculation combining one or more base measures and/or derived measures with associated decision criteria.</big>
 
*Analytical model is algorithm or calculation combining one or more base measures and/or derived measures with associated decision criteria.</big>
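Review bot: the new NIST reference for "Measures" links to https://csrc.nist.gov/glossary/term/Operational-technology, whose path names Operational-technology rather than Measures; link the glossary entry for the term being defined, or cite NIST SP 800-55 directly. The article fix applied to the "Measurement function" and "Measurement method" bullets was not carried to the last bullet, which still reads "Analytical model is algorithm". The revision also drops the [[information security management system]] link and writes name=iso15939 unquoted next to the quoted name="ISO27000-14A"; restore the link if that was unintended and quote both ref names the same way.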
  
Line 39: Line 42:
  
 
[[Category:Protection]]
 
[[Category:Protection]]
{{#set:defined by=EU|defined by=ISO|defined by=Morocco|defined by=Romania}}
+
{{#set:defined by=EU|defined by=ISO|defined by=Morocco|defined by=Namibia|defined by=Romania|defined by=NIST|defined by=United States}}
 
{{#set: Showmainpage=Yes}}
 
{{#set: Showmainpage=Yes}}

Revision as of 16:40, 19 December 2020

For the term which is synonymous to "countermeasure", "safeguard" or "control", please refer to entry Control.

Definitions

European Definitions

CLIMATE-ADAPT

Adaptation measures are technologies, processes, and activities directed at enhancing our capacity to adapt (building adaptive capacity) and at minimising, adjusting to and taking advantage of the consequences of climatic change (delivering adaptation). [1]



National Definitions

Morocco

Measure (Mesure): A means of managing a risk, which may be administrative, technical, managerial or legal in nature. [2]



Namibia

“Measures”: there is a difference between preventive and corrective measures. Preventative Measures: Are the measures taken to prevent a security breach. Corrective Measures: Is the action taken, after a security breach, has occurred. [3]



Romania

Measure (Măsură; used predominantly in the plural): A procedure/means employed, a decision taken, or an order given in order to achieve a specific purpose. [4]



United States

NIST
Measures: the results of data collection, analysis, and reporting [5]



Standard Definition

ISO standards

Variable to which a value is assigned as the result of measurement. [6] The term “measures” is used to refer collectively to base measures, derived measures, and indicators. [7]


Measurement refers to a process to determine a value. [7]


In the context of Information Security the process of determining a value requires information about the effectiveness of an information security management system and its associated controls using a measurement method, a measurement function, an analytical model, and decision criteria.

  • Measurement function is an algorithm or calculation performed to combine two or more base measures. [6]
  • Measurement method is a logical sequence of operations, described generically, used in quantifying an attribute with respect to a specified scale. [6] The type of measurement method depends on the nature of the operations used to quantify an attribute. Two types can be distinguished:
      • subjective: quantification involving human judgment;
      • objective: quantification based on numerical rules.
  • Measurement results are one or more indicators and their associated interpretations that address an information need.
  • Decision criteria refer to thresholds, targets, or patterns used to determine the need for action or further investigation, or to describe the level of confidence in a given result. [6]
  • Analytical model is an algorithm or calculation combining one or more base measures and/or derived measures with associated decision criteria.
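
The chain these definitions describe, from base measures through measurement functions to an analytical model with decision criteria, applied to one control (critical patching). This is an added example, not part of the CIPedia entry or the ISO text; the patch records, thresholds and function names are constructed for illustration.

```python
from statistics import mean

# Constructed sample data: critical patches per host for one reporting period.
PATCH_RECORDS = [
    {"host": "web-01", "due": 4, "applied": 4, "days_to_patch": [3, 5, 2, 6]},
    {"host": "db-01", "due": 5, "applied": 2, "days_to_patch": [12, 20]},
    {"host": "hr-03", "due": 1, "applied": 1, "days_to_patch": [4]},
]

# Decision criteria (assumed thresholds); the first matching row wins.
COVERAGE_FLOORS = [(0.95, "green"), (0.80, "amber"), (0.0, "red")]
LATENCY_CEILINGS = [(7, "green"), (14, "amber"), (float("inf"), "red")]
SEVERITY = {"green": 0, "amber": 1, "red": 2}
ACTION = {"green": "no action needed", "amber": "investigate further",
          "red": "corrective action needed"}


def collect_base_measures(records):
    """Measurement method (objective): quantify attributes by counting rules."""
    return {
        "patches_due": sum(r["due"] for r in records),
        "patches_applied": sum(r["applied"] for r in records),
        "patch_days": [d for r in records for d in r["days_to_patch"]],
    }


def derive_measures(base):
    """Measurement functions: combine base measures into derived measures."""
    due, days = base["patches_due"], base["patch_days"]
    return {
        # Nothing due means nothing was missed, so coverage counts as 1.0.
        "coverage": base["patches_applied"] / due if due else 1.0,
        # With no applied patches the latency is unknown, not zero.
        "mean_days": mean(days) if days else None,
    }


def analytical_model(derived):
    """Apply the decision criteria; return indicators plus interpretation."""
    cov, lat = derived["coverage"], derived["mean_days"]
    indicators = {"coverage": next(s for f, s in COVERAGE_FLOORS if cov >= f)}
    if lat is not None:  # an unknown latency is left out rather than guessed
        indicators["latency"] = next(s for c, s in LATENCY_CEILINGS if lat <= c)
    status = max(indicators.values(), key=SEVERITY.get)
    return {"indicators": indicators, "status": status,
            "interpretation": ACTION[status]}


def measure(records):
    """Run the whole chain and return the measurement result."""
    return analytical_model(derive_measures(collect_base_measures(records)))
```

The returned dictionary is the measurement result in the sense used above: the indicators together with the interpretation that answers the information need.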
