Developing a Framework for Evaluating Organizational Information Assurance Metrics Programs
AIR FORCE INST OF TECH WRIGHT-PATTERSON AFB OH GRADUATE SCHOOL OF ENGINEERING AND MANAGEMENT
The push to secure organizational information has brought about the need to develop better metrics for understanding the state of the organization's security capability. This thesis utilizes case studies of information security metrics programs within Department of Defense organizations, the United States Air Force (USAF), and the National Aeronautics and Space Administration's (NASA's) Jet Propulsion Lab to discover how these organizations make decisions about how the measurement program is designed, how information is collected and disseminated, and how the collected information supports decision making. This research finds that both the DOD and USAF have highly complex information security programs that are primarily focused on determining the return for security investments, meeting budget constraints, and achieving mission objectives, while NASA's Jet Propulsion Lab seeks to improve security processes related to compliance. While the analytical techniques were similar in all of the cases, the DOD and USAF use communication processes still based mostly on manual data calls and communications. In contrast, NASA's JPL information security metrics program employs a more automated approach for information collection and dissemination.
- Information Science
- Computer Systems Management and Standards
- Economics and Cost Analysis