Skip to Main Content
In order to understand the achieved information security level in a product, system or organization better, information security managers must be able to get input from security objects. The use of information security metrics in certain enterprise, and its relation to the literature is studied. The techniques used in the implementation and analysis of metrics, as well as their usefulness and future targets are studied. Three standard models were proposed to get the numerical value for security level. The results of the models used in a manufacture factory with 6000 fellows show that there is an effective assessment to security system and great assistance to improve controlling information risk.