Enterprise Software Management Systems by Using Security Metrics

Metrics are quantifiable measurement. Security metrics are quantitative indicators for the security attributes of an information system or technology. Metrics helps us to understand quality and consistency. Metrics provides a universal way to exchange ideas, to measure the product or service quality, and to improve a process. We cannot improve security if we cannot measure it. This applies to security as well. Security metrics are assuming tremendous importance as they are dynamic for measuring the current security status, to develop operational best practices and for managing future security research. This topic is very applicable at a time when organizations are coming under increasing pressure requiring them to demonstrate due persistence when protecting the data assets of themselves and their users. In these situations metrics (CVSS) can give the organizations a way to prioritize vulnerabilities and the risks they pose to enterprise information assets. This paper presents a framework for ranking vulnerabilities in a consistent fashion, and some operational metrics used by large enterprises in managing their software systems security process and to cover all dimensions of IT security from organizational (people), technical and operational points of view.