Metrics and Indicators of Information Security Incident Management: A Systematic Mapping Study

  • Alyssa Cadena
  • Franklin Gualoto
  • Walter Fuertes
  • Luis Tello-OquendoEmail author
  • Roberto Andrade
  • Freddy Tapia
  • Jenny Torres
Conference paper
Part of the Smart Innovation, Systems and Technologies book series (SIST, volume 152)


The number of threats and vulnerabilities has increased rapidly in recent years. For this reason, organizations are in need of providing improvements in their computer security incident management (CSIM), in order to safeguard their intellectual capital. Therefore, the identification and use of both metrics and indicators are a crucial factor to manage security incidents. In this context, organizations try to improve their level of CSIM based on standards or only according to their criteria based on their experience. This article aims at carrying out a systematic mapping study of academic articles conducted in this research area, in order to present a document that describes metrics and indicators of security incidents in organizations. The results of this work show and describe several key indicators and metrics related to the cost, quality, and service (time) involved in dealing with such incidents. Also, it is expected that this study serves as a strategic reference for organizations.


Security incidents Metrics Indicators Security incident management Key performance indicators Empirical study 



The authors would like to thank the financial support of the Ecuadorian Corporation for the Development of Research and the Academy (RED CEDIA) in the development of this work, under Research Team GT-II-Cybersecurity.


  1. 1.
    Miloslavskaya, N.: Security operations centers for information security incident management. In: 2016 IEEE 4th International Conference on Future Internet of Things and Cloud (FiCloud), pp. 131–136 (2016)Google Scholar
  2. 2.
    Bernsmed, K., Tondel, I.A.: Forewarned is forearmed: indicators for evaluating information security incident management. In: 2013 IEEE Seventh International Conference on IT Security Incident Management and IT Forensics, pp. 3–14 (2013)Google Scholar
  3. 3.
    Hajdarevic, K., Allen, P.: A new method for the identification of proactive information security management system metrics. In: 2013 IEEE 36th International Convention on Information & Communication Technology Electronics & Microelectronics (MIPRO), pp. 1121–1126. (2013)Google Scholar
  4. 4.
    Thomson, W., Kelvin, L.: Baltimore Lectures. CJC a. Sons, Ed., London (1904)Google Scholar
  5. 5.
    Petersen, K., Vakkalanka, S., Kuzniarz, L.: Guidelines for conducting systematic mapping studies in software engineering: an update. Inf. Softw. Technol. 64, 1–18 (2015)CrossRefGoogle Scholar
  6. 6.
    Elberzhager, F., Münch, J., Nha, V.T.N.: A systematic mapping study on the combination of static and dynamic quality assurance techniques. Inf. Softw. Technol. 54(1), 1–15 (2012)CrossRefGoogle Scholar
  7. 7.
    Miani, R.S., Zarpelao, B.B., Sobesto, B., Cukier, M.: A practical experience on evaluating intrusion prevention system event data as indicators of security issues. In: 2015 IEEE 34th Symposium on Reliable Distributed Systems (SRDS), pp. 296–305 (2015)Google Scholar
  8. 8.
    Boutaba, R., Salahuddin, M.A., Limam, N., Ayoubi, S., Shahriar, N., Estrada-Solano, F., Caicedo, O.M.: A comprehensive survey on machine learning for networking: evolution, applications and research opportunities. J. Internet Serv. Appl. 9(1), 16 (2018)CrossRefGoogle Scholar
  9. 9.
    Senk, C.: Adoption of security as a service. J. Internet Serv. Appl. 4(1), 11 (2013)CrossRefGoogle Scholar
  10. 10.
    Takamura, E., Mangum, K., Wasiak, F., Gomez-Rosa, C.: Information security considerations for protecting NASA mission operations centers (mocs). In: 2015 IEEE Aerospace Conference, pp. 1–14 (2015)Google Scholar
  11. 11.
    Skopik, F., Wurzenberger, M., Settanni, G., Fiedler, R.: Establishing national cyber situational awareness through incident information clustering. In: 2015 IEEE International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA), pp. 1–8 (2015)Google Scholar
  12. 12.
    Zieger, A., Freiling, F., Kossakowski, K.P.: The β-time-to-compromise metric for practical cyber security risk estimation. In: 2018 IEEE 11th International Conference on IT Security Incident Management & IT Forensics (IMF). pp. 115–133 (2018)Google Scholar
  13. 13.
    Bustamante, F., Fuertes, W., Díaz, P., Toulkeridis, T.: Integration of IT frameworks for the management of information security within industrial control systems providing metrics and indicators. In: 2017 IEEE XXIV International Conference on Electronics, Electrical Engineering and Computing (INTERCON), pp. 1–4 (2017)Google Scholar
  14. 14.
    Munro, J.K.: Application of security metrics to instrument systems that use distributed processing. In: Future of Instrumentation International Workshop (FIIW), 2011, pp. 5–8 (2011)Google Scholar
  15. 15.
    Stouffer, K., Falco, J., Scarfone, K.: Guide to industrial control systems (ICS) security. NIST Spec. Publ. 800(82), 16 (2011)Google Scholar
  16. 16.
    Rose, K.H.: A guide to the Project Management Body of Knowledge (PMBOK® Guide)—Fifth Edition. Proj. Manag. J. 44(3), e1–e1 (2013)CrossRefGoogle Scholar
  17. 17.
    Lloyd, V.: ITIL Continual Service Improvement (Best Management Practices). The Stationery Office (2011)Google Scholar
  18. 18.
    ISACA: COBIT 5: A business framework for the governance and management of enterprise IT. ISACA (2012)Google Scholar
  19. 19.
    McQueen, M.A., Boyer, W.F., Flynn, M.A., Beitel, G.A.: Time-to-compromise model for cyber risk reduction estimation. In: Quality of Protection, pp. 49–64. Springer (2006)Google Scholar
  20. 20.
    Øien, K., Massaiu, S., Tinmannsvik, R.K.: Guideline for implementing the REWI method; Resilience based Early Warning Indicators. SINTEF report A 22026 (2012)Google Scholar
  21. 21.
    Information Technology—Security Techniques—Information Security Incident Management. Standard, International Organization for Standardization, Geneva, CH (2011)Google Scholar
  22. 22.
    Cichonski, P., Millar, T., Grance, T., Scarfone, K.: Computer security incident handling guide. NIST Spec. Publ. 800(61), 1–147 (2012)Google Scholar
  23. 23.
    ANSI/ISA: Security for Industrial Automation and Control Systems Part 1: Terminology, Concepts & Models. Tech. rep., American National Standards Institute/International Society of Automation (ANSI/ISA) (2007)Google Scholar
  24. 24.
    ANSI/ISA: Security for Industrial Automation and Control Systems: Establishing an Industrial Automation and Control Systems Security Program. Tech. rep., American National Standards Institute/International Society of Automation (ANSI/ISA) (2009)Google Scholar
  25. 25.
    ISO/IEC: Information Technology—Security Techniques—Information Security Management—Measurement (ISO/IEC 27004: 2009). ISO/IEC (2009)Google Scholar
  26. 26.
    Chew, E., Swanson, M., Stine, K., Bartol, N., Brown, A., Robinson, W.: NIST Special Publication 800–55 Revision 1. Performance Measurement Guide for Information Security, National Institute of Standards and Technology, US Department of Commerce. Computer Division, Gaithersburg, MD 20899, 8930 (2008)Google Scholar
  27. 27.
    Verdugo, R.P.: Estado de las tecnologías de la información y la comunicación en las universidades ecuatorianas. CEDIA (2017)Google Scholar

Copyright information

© Springer Nature Singapore Pte Ltd. 2020

Authors and Affiliations

  • Alyssa Cadena
    • 1
  • Franklin Gualoto
    • 1
  • Walter Fuertes
    • 1
  • Luis Tello-Oquendo
    • 2
    Email author
  • Roberto Andrade
    • 3
  • Freddy Tapia
    • 1
  • Jenny Torres
    • 3
  1. 1.Universidad de las Fuerzas Armadas ESPESangolquíEcuador
  2. 2.Universidad Nacional de ChimborazoRiobambaEcuador
  3. 3.Escuela Politécnica NacionalQuitoEcuador

Personalised recommendations