Metrics to Track Cybersecurity Efforts Cheat Sheet
by David Pollack (Davidpol) via cheatography.com/2754/cs/8491/
Introd​uction
The steps taken by the federal government are just starting points, and
much work is yet to be done to improve the security of IT systems, data
and critical infras​tru​cture. Jim Richmann, Study Director of Cybers​ecurity
Research, Institute of Defense Analyses, recently spoke during a
GovLoop webinar, Combating the Cyber Landscape. Richmann’s
presen​tation focused on how agencies can establish cyber metrics to
improve security strategies. Prior to identi​fying potential metrics for
agencies to adopt, Richmann provided an overview of the founda​tional
elements needed to create metrics at an agency. Four areas he focused
on were:.
Founda​tional Elements Needed to Create Metrics
 Understand Your Cybers​ecurity Founda​tion: This foundation
includes hardware and software assets, including, routers, switches,
physical point-​to-​point circuits, SANs, management tools, satellite links
and wireless hubs.
 Know Your Dedicated Defense Assets: These assets are designed
only to provide cyber defense. These elements include enterprise virus
scanning software, intrusion detection systems, firewalls and PKI.
 Identify Your Unique Cyberspace Assets:
These assets exist only in cybers​pace. Some examples include end-user
hardware clients, applic​ation servers, web servers, mobile devices, web
servers, ERP systems, printers, scanners and applic​ation software.
 Assets that Leverage Cybers​pace: These assets utilize cybers​pace,
but their primary existence and function is in other domains. Some
examples include weapons systems, related platforms, support systems
and infras​tru​cture.
By David Pollack (Davidpol) Published 10th October, 2016.
cheatography.com/davidpol/ Last updated 10th October, 2016.
Page 1 of 1.
Potential Metrics
In the presen​tation, Richmann identified 19 potential metrics for agencies
to use, but cautioned that agencies must
tailor their metrics to meet their needs. The examples he presented were:
1. Percentage of source traffic covered by founda​tional cyber defense
assets in DMZs
2. Currency of enterprise virus signatures
3. Percentage of client systems that have current enterprise virus
signatures
4. Percentage of desktops with automated patching
5. Percentage of desktops with automated integrity checking
6. Volume of traffic blocked at border router (segmented by type)
7. Blocked port scan volume at border router
8. Currency of firmware patches for founda​tional cyber defense assets
9. Known zero day export exposure (publicly known)
10. Uptime and availa​bility for assets
11. Number of cyber attacks that are detected: Viruses, spam, phishing
attacks, etc.
12. Assets not patched to current standard
13. Firmware not updated to enterprise standards
14. Assets failing integrity check
15. Non-st​andard software instal​lations detected
16. Known zero-day exploit exposure (publicly known)
17. Currency of required admini​strator training
18. Vulner​ability scan statistics
19. Source code scan results (where available and applic​able)
Cybers​ecurity is only effective when agencies can baseline and measure
success. In order to do so, agencies must place an emphasis on defining
metrics that fit organi​zat​ional need, and work diligently to identify risks,
assess vulner​abi​lities and create a robust set of metrics to measure
success.
Sponsored by CrosswordCheats.com
Learn to solve cryptic crosswords!
http://crosswordcheats.com