The Method of Implementation of the Numerical IT-Security Metrics in Management Systems

The relevance of the publication is called by the attention to the problem of formation of reliable measurement results (estimates) of the IT-Security management systems' (ISMS) effectiveness. Decision-makers must operate reliable results of carrying out the measurements of ISMS based on objective quantitative metrics of IT-Security. Known methods for evaluation of the safety systems are presented excluding the PDCA cycle requirements and apart from the general requirements directly to the ISMS. The study of the applicable standards (ISO, NIST, and GOST) and the current practice allowed us to propose an approach to the explanation of a technique of formation of IT-Security metrics, that numerically let us to assess the effectiveness of the ISMS. The results can find a practical application in the independent efficiency evaluation of the ISMS.