Date of Award
3-6-2007
Document Type
Thesis
Degree Name
Master of Science
Department
Department of Systems Engineering and Management
First Advisor
Michael R. Grimaila, PhD
Abstract
The push to secure organizational information has brought about the need to develop better metrics for understanding the state of the organization’s security capability. This thesis utilizes case studies of information security metrics programs within Department of Defense organizations, the United States Air Force (USAF), and the National Aeronautics and Space Administration’s (NASA’s) Jet Propulsion Lab to discover how these organizations make decisions about how the measurement program is designed, how information is collected and disseminated, and how the collected information supports decision making. This research finds that both the DOD and USAF have highly complex information security programs that are primarily focused on determining the return for security investments, meeting budget constraints, and achieving mission objectives, while NASA’s Jet Propulsion Lab seeks to improve security processes related to compliance. While the analytical techniques were similar in all of the cases, the DOD and USAF use communication processes still based mostly on manual data calls and communications. In contrast, NASA’s JPL information security metrics program employs a more automated approach for information collection and dissemination.
AFIT Designator
AFIT-GIR-ENV-07-M5
DTIC Accession Number
ADA467367
Recommended Citation
Bryant, Adam R., "Developing a Framework for Evaluating Organizational Information Assurance Metrics Programs" (2007). Theses and Dissertations. 3047.
https://scholar.afit.edu/etd/3047