Exploring Cybersecurity Metrics for Strategic Units: A Generic Framework for Future Work

  • Mohammad Arafah
  • Saad Haj BakryEmail author
  • Reham Al-Dayel
  • Osama Faheem
Conference paper
Part of the Lecture Notes in Networks and Systems book series (LNNS, volume 70)


Strategic units at the various levels of the cyberspace, from the personal level to the world level, through the enterprise and the country levels, need to protect their information security. In this respect, cybersecurity metrics for such units are important for continuous monitoring, assessment, and response to the various security challenges that they may face. This paper explores the development of such metrics and provides a framework that establishes a common base for the development of such metrics for different strategic units. The paper identifies cybersecurity and strategic units; elaborates on cybersecurity issues; discusses strategic units’ cybersecurity problems that require metrics; introduces a generic framework for such metrics; and considers future use of the framework. The paper hopes to highlight the issue of cybersecurity metrics for strategic units, and to help researchers identify related problems for future work.


Cybersecurity Strategic units Metrics Standards 


  1. 1.
    Merriam-Webster’s Dictionary,, last accessed 2018/1/1
  2. 2.
    ITU-T X.1205: Overview of Cybersecurity, Series X: Data Networks, Open System Communications and Security, Telecommunication Security (2008)Google Scholar
  3. 3.
    ISO/IEC 27032: Guidelines for Cybersecurity, Information Technology-Security Techniques (2012)Google Scholar
  4. 4.
    NIST: A Framework for Improving Critical Infrastructure Cybersecurity. National Institute of Standards and Technology (2014)Google Scholar
  5. 5.
    Bakry, S.H.: Building the Culture of Responsibility into the Knowledge Society, Global Knowledge Society Forum. ARAMCO, Dhahran, Saudi Arabia (2013)Google Scholar
  6. 6.
    ISO/IEC 27000: Information Technology-Security Techniques-Information Security Management System—Overview and Vocabulary. International Standards Organization, Switzerland (2009)Google Scholar
  7. 7.
    CERT, Computer Emergency Response Team, Carniegie-Mellon University,, last accessed 2018/1/1
  8. 8.
    ISO/IEC 27001: Information Security Management: System Requirements, Security Techniques. Information Technology, International Standards Organization, Switzerland (2013)Google Scholar
  9. 9.
    Uma, M., Padmavathi, G.: A survey on various cyber attacks and their classification. Int. J. Netw. Secur. 15(6), 391–397 (2013)Google Scholar
  10. 10.
    Bresciani, M., Gardner, M., Hickmott, J.: Demonstrating Student Success: A Practical Guide to Outcomes-Based Assessment of Learning and Development in Student Affairs. Stylus Publishing, Sterling, Virginia (2009)Google Scholar
  11. 11.
    HM Government, Small Business: What do you need to know about cybersecurity, UK (2015)Google Scholar
  12. 12.
    Biga, N., Jovanovic, M., Perkovic, M., Mitic, D.: Modern business environment: information technology as a shield against cyber security threats. In: Proceedings of the 8th International Conference on Business Information Security, BISEC 2016, Belgrade, Serbia (2016)Google Scholar
  13. 13.
    Statista (online): Statistics and studies from more that 18000 sources,, last accessed 2018/1/1
  14. 14.
    Wang, Y., Vangury, K., Nikolai, J.: MobileGuardian: a security policy enforcement framework for mobile devices. In: 2014 International Conference on Collaboration Technologies and Systems (CTS), pp. 197–202 (2014)Google Scholar
  15. 15.
    La Polla, M., Martinelli, F., Sgandurra, D.: A survey on security for mobile devices. IEEE Commun. Surv. Tutor. 15(1), 446–471 (2013)Google Scholar
  16. 16.
    Bakry, S.H.: Developing security policies for private networks. Int. J. Netw. Manag. 13(3), 203–210 (2003)CrossRefGoogle Scholar
  17. 17.
    De Feo, J.A., Barnard, W.W.: Six-Sigma: Breakthrough and Beyond: Quality Performance Breakthrough Methods, Juran Institute. Mc-Graw-Hill, New York (2004)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  • Mohammad Arafah
    • 1
  • Saad Haj Bakry
    • 1
    Email author
  • Reham Al-Dayel
    • 1
  • Osama Faheem
    • 1
  1. 1.Department of Computer EngineeringKing Saud UniversityRiyadhSaudi Arabia

Personalised recommendations