Measure
For the term that is synonymous with "countermeasure", "safeguard" or "control", please refer to the entry Control.
Definitions
Standard Definition
ISO standards
Variable to which a value is assigned as the result of measurement [1]. The term “measures” is used to refer collectively to base measures, derived measures, and indicators [2]. Measurement refers to a process to determine a value [2].
In the context of information security, the process of determining a value requires information about the effectiveness of an information security management system and its associated controls using a measurement method, a measurement function, an analytical model, and decision criteria.
- A measurement function is an algorithm or calculation performed to combine two or more base measures [3].
- A measurement method is a logical sequence of operations, described generically, used in quantifying an attribute with respect to a specified scale [4]. The type of measurement method depends on the nature of the operations used to quantify an attribute. Two types can be distinguished:
  - subjective: quantification involving human judgment;
  - objective: quantification based on numerical rules.
- Measurement results (2.51): one or more indicators (2.30) and their associated interpretations that address an information need (2.31).
See also
Notes
- [1] ISO/IEC 15939:2007, Systems and software engineering -- Measurement process
- [2] ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary
- [3] ISO/IEC 15939:2007, Systems and software engineering -- Measurement process
- [4] ISO/IEC 15939:2007, Systems and software engineering -- Measurement process