Enterprise IT security metrics: Classification, examples and characteristics (in Bulgarian)

Publication Type:



Veselin Monev


IT4Sec Reports, Institute of Information and Communication Technologies, Number 111, Sofia (2014)


characteristics, classification, company, expected annual loss, incident, IT security, management, matrix, measure, Metric, metrics, Risk, Vulnerabilities


The report addresses the key issues associated with measuring IT security in private companies. Several classifications of metrics are discussed, focusing on the functions of the different levels of security management. For the most part, this work examines the pros and cons of common metrics for measuring IT security and provides guidelines for creating one's own metrics. 'Own metrics,' adapted to the corporate environment, are those that security managers have to create and use for effective management.