Security Metrics Model for Web Page Vulnerability Classification and Ranking

Metrology, the science of measurement, is very important in the development of science and engineering principles if any meaningful progress will be made in these fields. This concept also applies to computer security if decision makers are to rely on judgment based on metrics. Management needs to establish how secured their organizations are, the amount of resources to allocate to various competing sectors, as well as the improvement gained by security expenditure over time. The Internet has revolutionized business transactions in the globalised world economy thereby exposing business transaction to even more danger. The extensive use of Information Technology (IT) in various processes has further increased the question of security implementations in organizations. The proliferation of various new ICT products and applications appear in the market daily via web applications. This resulted in several cases of Web security violations and privacy breaches as well as fraud. Computer Security has generated serious research area today since electronic transactions are becoming the standard. Security measurement has become extremely important as they are vital for assessing the security status of an organization. Metrics can educate enterprises to scale threats and vulnerabilities as well as the risks they pose to enterprise information systems. This paper examines security metrics available to information systems and proposes a metric model for web page vulnerability measurement and ranking. KeywordsSecurity Metrics, Threats And Vulnerabilities, Security Metric Classification and Ranking.