How to measure Cybersecurity requirements
Just ask!
Definitions
If you put together "N" cybersecurity professionals, I can guarantee from experience that, once the conversation turns to definitions, you will end up with a total of "X" distinct definitions for each of the following concepts:
- Information security / cybersecurity
- Incident
- Vulnerability
- Weakness
- Threat
- Risk
Where, for every concept, sadly X > N.
Add to the mix Confidentiality, Integrity, Availability, Possession, Utility, Risk, Authentication, Authorization, Audit, Reliability, Access Control, Identification, Privacy, Anonymity, Business Continuity, Non-Repudiation or Accountability among other less popular ones, and the Babel Tower will reach the sky.
I looked into how things are defined in physics for inspiration, as physicists use something called "operational definitions". These operational definitions have some neat attributes:
- Measurements are independent of the observer.
- Measurements are repeatable.
- Measurements have units.
The objective measurement of a certain attribute of a certain object should…