SECURWARE 2025, The Nineteenth International Conference on Emerging Security Information, Systems and Technologies


Measurability: Toward Integrating Metrics into Ratings for Scalable Proactive Cybersecurity Management

Authors:
William Yurcik
Stephen North
Rhonda O'Kane
Sami Saydjari
Fabio Roberto de Miranda
Rodolfo da Silva Avelino
Gregory Pluta

Keywords: cybersecurity risk quantification, cybersecurity risk management, cybersecurity investment, cybersecurity metrics.

Abstract:
We share experience implementing cybersecurity metric-based algorithmic ratings to proactively manage the cybersecurity of a large critical national infrastructure - U.S. healthcare. We describe the cybersecurity metrics we use, how cybersecurity ratings are algorithmically produced from these metrics, and empirical evidence for the value of cybersecurity ratings to both benchmark and make comparisons. Specifically, we share examples of how cybersecurity ratings can be used to baseline the cybersecurity posture of large hospital systems and how cybersecurity ratings can be used to calculate return-on-investment (ROI).

Pages: 20 to 26

Copyright: Copyright (c) IARIA, 2025

Publication date: October 26, 2025

Published in: conference

ISSN: 2162-2116

ISBN: 978-1-68558-306-4

Location: Barcelona, Spain

Dates: from October 26, 2025 to October 30, 2025