The metrics catalog uses the following terms that are largely based on ISO 19086:
Attribute: Property or characteristic of an object that can be distinguished quantitatively or qualitatively by human or automated means.
Measurement: The logical sequence of operations used in quantifying or qualifying an attribute.
Measurement Result: The qualitative or quantitative value obtained as the output of a measurement.
Metric: A standard of measurement that defines the conditions and the rules for performing the measurement and for understanding the results of a measurement.
On the other hand, the YAML format uses measure in many property names, which is not consistent with the catalog. I would suggest replacing measure with attribute or measurementResult where appropriate. (Note: measure is indeed defined in other standards such as ISO27005 but often creates confusion because it's a word that is used a lot in security with a different meaning.)
In addition, I would suggest to:
- Replace metricFrequency with metricMeasurementFrequency or simply measurementFrequency.
- Replace metricPeriod with metricSamplingPeriod or simply samplingPeriod.
In general, I'm not sure it adds any value to prefix all properties with the name of the enclosing object (e.g. we have metric -> metricFormula, why not simply formula?).
apannetrat changed the title from "User a terminology that is consistent with ISO19086" to "Use a terminology that is consistent with ISO19086" on Mar 16, 2022
General agreement that using the term "measurementResult" is consistent with metric catalog v1 pdf section 2.1 discussion:
"As a process, a measurement involves the gathering of data such as system logs, test results, configuration files, security events, and sometimes the results of other measurements. These elements are often collectively referred to as evidence. ISO/IEC 27000 and many other sources refer to the result of a measurement as a measure. More recent initiatives, such as ISO 27004, NIST SP 500-307, ISO/IEC 19086, and CSA’s STAR, prefer the term measurement result, as the word measure has multiple meanings in information security and is a source of confusion when it comes to metrics. We also use the term measurement result in this work."
Similarly, the other suggestions make sense but we didn't have time to agree on exact terms. General agreement that additional clarity makes sense (and long variable names in code are ok).