Abstract
|
By first raising and then dispelling seven common rules about metrics, this paper discusses the requirements and design constraints for a practical system to measure, report and improve data security. Data security will become business-as-usual after the implementation program is completed, but the need for measurement and continuous improvement will persist indefinitely. In other words, we needed more than conventional program or project management metrics. The need for data security metrics was much more pragmatic. Furthermore, intended to embed data security deeper into the academic/corporate culture, meaning that security awareness is an important component. We propose seven rules for data security in the context of Software metrics.
|