Measure

From CIPedia
Revision as of 13:03, 4 June 2014 by Mtheocharidou (talk | contribs) (Notes)

For the term that is synonymous with "countermeasure", "safeguard" or "control", please refer to the entry Control.

Definitions

Standard Definition

ISO standards

Variable to which a value is assigned as the result of measurement [1]. The term “measures” is used to refer collectively to base measures, derived measures, and indicators [2]. Measurement refers to a process to determine a value [2].

In the context of information security, the process of determining a value requires information about the effectiveness of an information security management system and its associated controls, using a measurement method, a measurement function, an analytical model, and decision criteria.

  • A measurement function is an algorithm or calculation performed to combine two or more base measures [3].
  • A measurement method is a logical sequence of operations, described generically, used in quantifying an attribute with respect to a specified scale [4]. The type of measurement method depends on the nature of the operations used to quantify an attribute. Two types can be distinguished:
      • subjective: quantification involving human judgment;
      • objective: quantification based on numerical rules.
  • Measurement results are one or more indicators and their associated interpretations that address an information need.
  • Decision criteria are thresholds, targets, or patterns used to determine the need for action or further investigation, or to describe the level of confidence in a given result [5].
  • An analytical model is an algorithm or calculation combining one or more base measures and/or derived measures with associated decision criteria.
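
The terms above chained together for one control, as an added example that is not part of the CIPedia entry or of the ISO standards it cites: objective base measures feed a measurement function, and an analytical model applies decision criteria (a target, a threshold and a pattern) to produce an indicator. The patch-coverage control, the host counts and the criteria values are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed sample data: per-period objective base measures for a
# hypothetical patch-management control (names and numbers are assumptions).
PERIODS = [
    {"period": "2014-01", "hosts_total": 200, "hosts_patched": 190},
    {"period": "2014-02", "hosts_total": 205, "hosts_patched": 189},
    {"period": "2014-03", "hosts_total": 210, "hosts_patched": 187},
    {"period": "2014-04", "hosts_total": 0,   "hosts_patched": 0},
]

@dataclass
class DecisionCriteria:
    target: float = 0.95      # at or above: no action
    threshold: float = 0.85   # below: action required
    decline_run: int = 2      # pattern: this many consecutive declines

def measurement_function(base):
    """Combine two base measures into a derived measure (patched ratio)."""
    if base["hosts_total"] <= 0 or base["hosts_patched"] > base["hosts_total"]:
        return None  # no valid measurement; never report an empty scope as 100%
    return base["hosts_patched"] / base["hosts_total"]

def analytical_model(periods, criteria):
    """Apply decision criteria to derived measures, yielding indicators."""
    results, history = [], []
    for base in periods:
        value = measurement_function(base)
        if value is None:
            results.append((base["period"], None, "investigate: invalid base measures"))
            continue
        history.append(value)
        run = history[-(criteria.decline_run + 1):]
        declining = (len(run) == criteria.decline_run + 1
                     and all(b < a for a, b in zip(run, run[1:])))
        if value < criteria.threshold:
            status = "action required"
        elif declining:
            status = "investigate: declining trend"
        elif value >= criteria.target:
            status = "on target"
        else:
            status = "monitor"
        results.append((base["period"], round(value, 3), status))
    return results

if __name__ == "__main__":
    for row in analytical_model(PERIODS, DecisionCriteria()):
        print(row)
```

The third period stays above the threshold but is still flagged, because the pattern criterion catches the steady decline before the threshold does.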

See also

Notes