The Whats and Whys of Metrics
This chapter sets the stage for the remainder of the book by illuminating the fundamental concepts, historical notes, philosophic underpinnings, and application context of security and privacy metrics. This chapter introduces key metrics concepts and how they relate to security and privacy. A quick refresher course on measurement basics is presented ﬁrst. Then topics such as data collection and validation, measurement boundaries, and the uses and limits of metrics are explored. Best practices to implement, as well as snares to sidestep, are highlighted along the way. Similarities and differences between security and privacy metrics and other metrics, such as reliability engineering, safety engineering, and software engineering metrics, are examined. They are all ﬁrst cousins of security and privacy metrics and there are lessons to be learned. Finally, the universe of security and privacy metrics is revealed, and it is probably considerably more expansive than you may have imagined.