Development of SecureMet: A Tool for Aligning Security Metrics and Organizations Security Objectives

The purpose of this project is to develop a tool henceforth called SecureMet to help an organization to determine the security metrics aligned with its security objectives based on the organization’s capabilities. The majority of organizations face a common problem in determining their security metrics aligned with their security objectives. SecureMet will be able to assist the organization in choosing the suitable security metrics and helping it to enhance its capabilities to achieve its security objectives. The tool is developed based on the Quality Function Development (QFD) approach, while existing frameworks such as the SSE-CMM and COBIT are used as guides in the determination and choice of the security capabilities and security objectives. The methodology employed for this project is based on the Rapid Application Develoment (RAD) model and is divided into four parts, namely, the requirement analysis phase, the design phase, the development phase and the verification phase.