Page 46 - index
P. 46
-&"#(3 +0/ 3 "- " 0-&/3 "/-& .
Milica Djekic, an Online Marketing Coordinator at Dejan SEO and the Editor-in-Chief at
Australian Science Magazine
Recently I have been watching two very interesting webinars at BrightTALK - Defining Cyber
threats: Understanding is the Key to Defense and The State of Metric Based Security.
Afterwards I have done some research regarding what I have learned through those
presentations and here I would like to explain what cyber security metrics are all about. In
general, cyber metrics are exactly what the titles of the webinars suggest. They are great stuffs
because they can support us in controlling, understanding, and, in case of threat, defending a
cyber system. So, let’s start our discussion.
What Would be Cyber Defense Goals?
With a development of cyber systems, there were a lot of requirements that had to be satisfied
in terms of cyber security. As the most important cyber defense goals, some authors mention
the following things: (1) increase of the cost to an attacker, (2) increase of the uncertainty that
an attack would be successful, (3) increase in a chance of the detection and attribution. So, let’s
explain these goals.
First, let’s try to explain what the cost to an attack would be. In general, this cost can be defined
as a combination between: 1) the number of times a particular phase of the attack is attempted
and 2) the amount of time that is spent in the preparatory phases of an attack. In other words, a
cyber security is good if there is an increase in this quantity.
Further, the uncertainty that an attack could be successful can be measured as a function of the
amount of time a threat spends executing its goal. If that time increases, we can say that our
cyber defense is good.
Finally, the probability that a cyber attack is detected is proportional to the time the attack
spends actively searching and executing its goal. We can say a cyber defense is successful if
there is an increase in this quantity.
The Difference between Metrics and Measurements
First of all, let us try to understand what the metrics really are. Metrics are very often correlated
with measurements, so let us see what would be a difference between these two. In general, a
measurement is like a scalar. It provides single-point-in-time views of specific, discrete factors,
while metrics are derived by comparing to a predetermined baseline two or more measurements
taken over time. They are more like vector variables. In addition, measurements are generated
by counting; metrics are generated from analysis. In other words, measurements are objective
raw data and metrics are either objective or subjective human interpretations of those data. That
means metrics can provide us with some intelligence although they are a collection of data with
some analysis applied. They are always affected by human factor, since, by definition, their
interpretation depends on human’s decisions.
Good metrics are usually those that are SMART, i.e. specific, measurable, attainable,
repeatable, and time-dependent. The purpose of good metrics is to indicate the degree by which
I25B /1B>9>7C &171J9>5 M +5@D5=25B 49D9?>
?@IB978D K I25B 565>C5 &171J9>5 << B978DC B5C5BF54 G?B<4G945
