Using Benchmarking to Make Better Security Decisions. Part 1: What Is Benchmarking and Why Is It Useful?

Abstract

Betsy Nichols: Okay, great. Well, I suppose the shortest definition for benchmarking is just to define a point of reference for measurement. So metrics, of course, are all about measurement and benchmarking is all about really making comparisons. One type of comparison is a best practice type comparison, where essentially you're saying, "Here's a definition of perfection," and you're trying to define some measurement as to how far you may deviate from it. Another is more of a normative kind of benchmark, where what you're doing is measuring a group of people and saying "What's typical and am I above or below the mean or in a certain percentile?" So that's one variant. There are other variations on benchmarks that have to do with timing. For example, some people do benchmarking in real time in order to detect anomalies from a norm and take corrective action. Another is a more sort of strategic application where what you're trying to do is find out norms over time and use benchmarks to make better decisions.

Document Details

Document Type: Technical Report
Publication Date: Jan 01, 2008
Accession Number: AD1147304

Entities

People

  • Betsy Nichols
  • Julia H. Allen

Organizations

  • Carnegie Mellon University

Tags

Communities of Interest

  • Cyber
  • Human Systems

DTIC Thesaurus Topics

  • Best Practices
  • Commerce
  • Computer Network Security
  • Copyrights
  • Cybersecurity
  • Department Of Homeland Security
  • Engineering
  • Governments
  • Group Processes (Social Psychology)
  • Homeland Security
  • Information Exchange
  • Information Security
  • Measurement
  • National Governments
  • Operating Systems
  • Peer Groups
  • Security
  • Software Development
  • State Governments
  • Universities

Readers

  • Computational Modeling and Simulation
  • Educational Psychology
  • Systems Analysis and Design