Accession Number:



Using Benchmarking to Make Better Security Decisions. Part 1: What Is Benchmarking and Why Is It Useful?

Descriptive Note:

[Technical Report, Other]

Corporate Author:


Personal Author(s):

Report Date:


Pagination or Media Count:



Betsy Nichols Okay, great. Well, I suppose the shortest definition for benchmarking is just to define a point of reference for measurement. So metrics, of course, are all about measurement and benchmarking is all about really making comparisons. One type of comparison is a best practice type comparison, where essentially youre saying, Heres a definition of perfection, and youre trying to define some measurement as to how far you may deviate from it. Another is more of a normative kind of benchmark, where what youre doing is measuring a group of people and saying Whats typical and am I above or below the mean or in a certain percentile So thats one variant. There are other variations on benchmarks that have to do with timing. For example, some people do benchmarking in real time in order to detect anomalies from a norm and take corrective action. Another is a more sort of strategic application where what youre trying to do is find out norms over time and use benchmarks to make better decisions.

Subject Categories:

  • Administration and Management
  • Computer Systems Management and Standards
  • Computer Programming and Software

Distribution Statement:

[A, Approved For Public Release]