Technical Security Metrics Model in Compliance with ISO/IEC 27001 Standard
Technical security metrics provide measurements in ensuring the effectiveness of technical security controls or technology devices/objects that are used in protecting the information systems. However, lack of understanding and method to develop the technical security metrics may lead to unachievable security control objectives and inefficient implementation. This paper proposes a model of technical security metrics to measure the effectiveness of network security management. The measurement is based on the security performance for network security controls such as firewall, Intrusion Detection Prevention System (IDPS), switch, wireless access point and network architecture; and network services such as Hyper-Text Transfer Protocol Secure (HTTPS) and Virtual Private Network (VPN).