Making Security Measurable

MITRE, in collaboration with government, industry, and academic stakeholders, is improving the measurability of security throughregistriesof baseline security data, providing standardizedlanguagesas means for accurately communicating the information, defining properusage, and helping establish community approaches for standardizedprocesses.

The other activities and initiatives listed here have similar concepts or compatible approaches to MITRE’s. Together all of these efforts — be they mature or continuing to build momentum — are helping to make security more measurable by defining the concepts that need to be measured, providing for high fidelity communications about the measurements, and providing for sharing of the measurements and the definitions of what to measure.

Measurable security pertains at a minimum to the following areas:

Software Assurance

Application Security

Asset Management

Supply Chain Risk Management

Cyber Intelligence Threat Analysis

Cyber Threat Information Sharing

Vulnerability Management

Patch Management

Configuration Management

Malware Protection

Intrusion Detection

System Assessment

Incident Coordination

Enterprise Reporting

Remediation

This website is sponsored and managed bymanbetx客户端首页to enable stakeholder collaboration. Copyright © 2007–2023 The MITRE Corporation. MITRE, the MITRE logo, CVE, and the CVE logo are registered trademarks and the Making Security Measurable logo, CWE, the CWE logo, CAPEC, the CAPEC logo, MAEC, the MAEC logo, CWSS, the CWSS logo, CWRAF, the CWRAF logo, and Recommendation Tracker are trademarks of The MITRE Corporation. All other trademarks are the property of their respective owners. All other trademarks are the property of their respective owners. Contact us:measurablesecurity@mitre.org

Page Last Updated:July 08, 2013