Aleem, A., Wakefield, A., & Button, M. (2013). Addressing the weakest link: Implementing converged security. Security Journal, 26, 236-248.
American Educational Research Association (AERA), American Psychological Association (APA), & National Council on Measurement in Education (NCME). (1999). Standards for educational and psychological testing. Washington, D.C.
Anderson, T. (2004). From small clues to big picture. Security Management. Retrieved from http://www.securitymanagement.com/article/small-clues-big-picture.
ASIS International and Institute of Finance & Management. (2013). The United States security industry: Size and scope, insights, trends, and data. Alexandria, VA: ASIS International.
Azuwa, M., Ahmad, R., Sahib, S., & Shamsuddin, S. (2012). Technical security metrics model in compliance with ISO/IEC 27001 standard. International Journal of Cyber-Security and Digital Forensics, 1(4), 280-288.
Baker, W., Rees, L., & Tippett, P. (2007). Necessary measures: Metric-driven information security risk assessment and decision making. Communications of the ACM, 50(10), 101-106.
Berinato, S. (2005). A few good information security metrics. CSO Online. Retrieved from http://www.csoonline.com/article/220462/a-few-good-information-security-metrics.
Bewley, S. (2013). Lack of big data means big problems for pay tv. Multichannel News.
Blades, M. (2012). Delivering meaningful metrics. Security Magazine. Retrieved from http://www.securitymagazine.com/articles/82934-delivering-meaningful-metrics.
Brenner, B. (2010). Security metric techniques: How to answer the 'so what?' CSO Online. Retrieved from http://www.csoonline.com/article/602901/security-metric-techniques-how-to-answer-the-so-what-.
Burns, F., Bystrov, A., Koelmans, A., & Yakolev, A. (2011). Design and security evaluation of balanced 1-of-n circuits. IET Computers and Digital Techniques, 6(2), 125-135.
Campbell, G. (2006). How to use metrics. CSO Online. Retrieved from http://www.csoonline.com/article/220980/how-to-use-metrics.
Campbell, G. (2007). Measures and metrics in corporate security: Communicating business value. Framingham, MA: CSO Executive Council.
Campbell, G. (2011). Metrics for success. Securityinfowatch. Retrieved from http://www.securityinfowatch.com/article/10517904/metrics-for-success.
Campbell, G. (2012). Metrics for success: Security operations control center metrics. Securityinfowatch. Retrieved from http://www.securityinfowatch.com/article/10840065/metrics-for-success-security-operations-control-center-metrics.
Carnegie Mellon University. (1995). Security metrics. In systems security engineering-capability maturity model. Retrieved from http://web.archive.org/web/20120423172421/http:/www.sse-cmm.org/metric/metric.asp.
Case study: Hershey Entertainment & Resorts. (n.d.). iVIEWSYSTEMS. Retrieved from http://www.iviewsystems.com/case-study---hershey-entertainment---resorts.
Casola, V., Mazzeo, A., Mazzocca, N., & Vittorini, V. (2007). A policy-based methodology for security evaluation: A security metric for public key infrastructures. Journal of Computer Security, 15, 197-229.
Chew, E., Clay, A., Hash, J., Bartol, N., & Brown, A. (2006). Guide for Developing Performance Metrics for Information Security. NIST Special Publication 800-80 Revision 1. Retrieved from http://csrc.nist.gov/publications/nistpubs/800-55-Rev1/SP800-55-rev1.pdf.
Cisco 2010 annual security report: Highlighting global security threats and trends. (2010). Retrieved from http://www.cisco.com/go/securityreport.
CIS consensus information security metrics (n.d.). Security Benchmarks. Retrieved from http://benchmarks.cisecurity.org/downloads/metrics.
Collins, B. (2004). Information security program metrics. In Security Business Practices Reference 6, 20-21. Alexandria, VA: ASIS International.
Conference Board Council of Corporate Security Executives. (2012). Leveraging corporate security for business growth and improved performance: The transformative effect of 9/11. Retrieved from http://www.ssr-personnel.com/CSO_RT_ISMA_TCB_Paper.pdf.
Dallas county uses DHS grant to grab incident management software (2008). Security Magazine. Retrieved from http://www.securitymagazine.com/articles/dallas-county-uses-dhs-grant-to-grab-incident-management-software-1.
Davenport, T. (2009). Make better decisions. Harvard Business Review. Retrieved from http://hbr.org/2009/11/make-better-decisions/ar/1.
Davenport, T., & Harris, J. (2010). Analytics and the bottom line: How organizations build success. Key Learning Summary published by Harvard Business Review.
Deming, P. (2012). Proving security's value: Demonstrating the value of security in terms of cost savings can make a difference when budget dollars are allocated. Security Management. Retrieved from https://cso.asisonline.org/KnowledgeCenter/Library/2012/Documents/0912ProvingSecurity'sValue_Managing.pdf
Dix, J. (2013). Big data the security answer? NETWORKWORLD. Retrieved from http://www.networkworld.com/columnists/2013/031113-edit.html.
Doinea, M., & Pavel, S. (2010). Security optimization for distributed applications oriented on very large data sets. Informatica Economică, 14(2), 72-85.
Drugescu, C., & Etges, R. (2006). Maximizing the return on investment of information security programs: program governance and metrics. Information System Security, 30-40.
Embracing big data can lead to greater security (2013). COMPUTERWEEKLY.
Enescu, M., Enescu, M., & Sperdea, N. (2011). The specifics of security management: The functions of information security required by organizations. Economics, Management, and Financial Markets 6(2), 200-205.
Garcia, M. L. (2006). Vulnerability assessment of physical protection systems. Boston, MA: Butterworth-Heinemann.
Garcia, M. L. (2008). The design and evaluation of physical protection systems (2d ed). Boston, MA: Butterworth-Heinemann.
Garigue, R., & Stefaniu, M. (2003). Information security governance reporting. Security Management, 36-40.
Gauging security ROI (2007). Journal of Accountancy, 19.
Getting started using performance metrics (2005). Security Director's Report, 5(4), 11-12.
GIA (2010). How social media is redefining benchmarking [White Paper]. Retrieved from http://www.globalintelligence.com/press/latest/2010/gia-white-paper-explains-how-social-media-are-redefining-competitive-benchmarking.
Gips, M. (2004). Powering up log auditing. Security Management. Retrieved from http://www.securitymanagement.com/article/powering-log-auditing.
Gill, M., Burns-Howell, T., Keats, G. & Taylor, E. (2007). Demonstrating the value of security. Leicester, UK: Perpetuity Research & Consultancy International.
Government Accountability Office. (2011). Data mining: DHS needs to improve executive oversight of systems supporting counterterrorism. Retrieved 2013, June 10 from http://www.gao.gov/new.items/d11742.pdf.
Guidelines and Metrics Working Group, ASIS Defense and Intelligence Council (2012). "Watch us build an effective security performance metric that will work for you and your boss, then build your own, or influencing effective corporate management behavior through compelling performance metrics," presentation at the ASIS International 58th Annual Seminar and Exhibits, Philadelphia.
Harowitz, S. (2006). Challenges and trends. Security Management. Retrieved from http://www.securitymanagement.com/article/challenges-and-trends.
Hastings, R. (2013). Achieving sector resilience through enhancing physical protection: An analysis of the Canadian banking sector (Masters Thesis). Carleton University, Ottawa, Ontario.
Hayes, B., & Kotwica, K. (2012). Advances and stalemates in security. Security Magazine, 34.
Hayes, B., & Kotwica, K. (2011). Benchmarks aren't magic, they're tools. Security Magazine. Retrieved from http://www.securitymagazine.com/articles/82320-benchmarks-arent-magic-theyre-tools.
Health Resource Network, Inc. (2000). ASIS healthcare security committee healthcare security benchmarking study. Florham Park, New Jersey.
How metrics can link security to the business (2011). Security Director's Report, 11(4), 10-12.
Huff, A. (2013). Big data I: Exception monitoring. Commercial Carrier Journal. Retrieved from http://www.highbeam.com/doc/1G1-324762775.html.
Interagency Security Committee. (2013). The risk management process for federal facilities: An Interagency Security Committee standard. Retrieved from http://www.dhs.gov/sites/default/files/publications/ISC_Risk-Management-Process_Aug_2013.pdf.
ISO/IEC. (2005a). Information technology — Security techniques — Information security management systems — Requirements. ISO/IEC 27001. Retrieved from http://www.iso27001security.com/html/27001.html.
ISO/IEC. (2005b). Information technology — Security techniques — Code of practice for information security management. ISO/IEC 27002. Retrieved from http://www.iso27001security.com/html/27002.html.
ISO27K (2007). ISO/IEC 27001 & 27002 implementation guidance and metrics. Prepared by the international community of ISO27k implementers at ISO27001security.com.
Jansen, W. (2009). Directions in Security Metrics Research. NIST. Retrieved 2013, June 10 from http://csrc.nist.gov/publications/nistir/ir7564/nistir-7564_metrics-research.pdf.
Jaquith, A. (2007). Security metrics: Replacing fear, uncertainty, and doubt. Upper Saddle River, NJ: Addison-Wesley.
Keller, J. (2010). Intelligence gathering in the cloud: Data tactics wins Army cloud computing data mining contract. Military & Aerospace Electronics.
Kiron, D., Shockley, R., Kruschwitz, N., Finch, G., & Haydock, M. (2011). Analytics: the widening divide; How companies are achieving competitive advantage through analytics. IBM Global Business Services/MIT Sloan Management Review. Retrieved from http://public.dhe.ibm.com/common/ssi/ecm/en/gbe03448usen/GBE03448USEN.PDF
Kovacich, G., & Halibozek, E. (2006). Security Metrics Management. Boston, MA: Butterworth-Heinemann.
Martin, C., Bulkan, A., & Klempt, P. (2011). Security excellence from a total quality management approach. Total Quality Management, 22(3), 345-371.
Mayor, T. (2006). Ideas you can steal from Six Sigma: Tips for improving the effectiveness and efficiency of physical and information security. CSO Online. Retrieved from http://www.csoonline.com/article/221094/ideas-you-can-steal-from-six-sigma.
McCourt, M. (2011). Measuring up: How the best security leaders deliver business value. Security Magazine, 16-27.
McLean, G. & Brown, J. (2003). Determining the ROI in IT security. CAmagazine. Retrieved from http://www.camagazine.com/archives/print-edition/2003/april/upfront/news-and-trends/camagazine23257.aspx.
McIIravey, B., & Ohlhausen, P. (2012). Metrics and analysis in security management [White Paper]. Retrieved from http://www.ppm2000.com/resources/white_papers.asp.
McIIravey, B., & Ohlhausen, P. (2013). Strengthening intelligence and investigations with incident management software [White Paper]. Retrieved from http://www.ppm2000.com/resources/white_papers.asp.
Neeley, P. (2013). From details to desires: the power of big data. Marketing Week, 11. Retrieved from http://connection.ebscohost.com/c/articles/88255689/from-details-desires-power-big-data.
Pacl, B. (2003). Security ROI: Know what to measure. Communications News, 18.
Payne, S. (2006). A guide to security metrics [White Paper]. Retrieved from http://www.sans.org/reading_room/whitepapers/auditing/guide-security-metrics_55.
Pironti, J. (2007). Developing metrics for effective information security governance. ISACA, 2. Retrieved from http://www.isaca.org/Journal/Past-Issues/2007/Volume-2/Pages/Developing-Metrics-for-Effective-Information-Security-Governance1.aspx.
Prince, B. (2009). Developing security metrics for enterprise risk management. eWEEK. Retrieved from http://www.eweek.com/c/a/Security/Developing-Security-Metrics-for-Enterprise-Risk-Management-745202.
Rathbun, D. (2009). Gathering security metrics and reaping the rewards [White Paper]. Retrieved from http://www.sans.org/reading_room/whitepapers/leadership/gathering-security-metrics-reaping-rewards_33234.
Ravenel, J. (2006). Effective operational security metrics. Security Management, 10-17.
Refining risk management (2011). Security Management, 20-21. Retrieved from https://cso.asisonline.org/KnowledgeCenter/Library/2011/Documents/1111RefiningRiskManagement_Intel.pdf.
Rothke, B. (2009). The security laugh metric. Network World Asia, 36.
Scaglione, B. (2012). Metrics: The evaluation of access control and identification. Security Magazine. Retrieved from http://www.securitymagazine.com/articles/83134-metrics--the-evaluation-of-access-control-and-identification.
Schmidt, F., & Hunter, J. (1998). The validity and utility of selection methods in personnel psychology: Practical and theoretical implications of 85 years of research findings. Psychological Bulletin, 124(2), 262-274.
Society for Industrial & Organizational Psychology (SIOP) (2003). Principles for the validation and use of personnel selection procedures (4th edition). Bowling Green, OH.
Sternstein, A. (2013). Taking a flier on big data. Government Executive, 45(3), 24-26.
Straub, D., Hoffman, D., Weber, B., and Steinfield, C. (2002). Toward new metrics for net-enhanced organizations. Information Systems Research, 13(3), 227-238.
Thompson, H. (2010). Practical security metrics: Effective security practices series. Retrieved 2013, June 10 from http://www.microsoft.com/en-us/download/details.aspx?id=1537
Ting, W. & Comings, D. (2010). Information assurance metric for assessing NIST's monitoring step in the risk management framework. Information Security Journal: A Global Perspective, 19, 253-262.
Treece, D. & Freadman, M. (2010). Metrics is not a four-letter word. Security Magazine, 90-94.
Uniform guidelines on employee selection procedures (1978). Retrieved 2013, June 10 from http://www.shrm.org/LegalIssues/FederalResources/FederalStatutesRegulationsandGuidanc/Pages/Uniformguidelinesonselectionprocedures.aspx.
Van Till, S. (2013). How will big data change security? SecurityMagazine. Retrieved from http://www.securitymagazine.com/articles/84179-how-will-big-data-change-security.
Vellani, K. (2004). Achieving return on investment from crime analysis. In Security business practices reference, 35-36. Alexandria, VA: ASIS International.
Wagley, J. (2007). Sizing up enterprise rights management. Security Management. Retrieved from http://www.securitymanagement.com/article/sizing-enterprise-rights-management.
Wailgum, T. (2005). Metrics for corporate and physical security programs. CSO Online. Retrieved from http://www.csoonline.com/article/220023/metrics-for-corporate-and-physical-security-programs.
Wheeler, T. (2008). Organization security metrics: Can organizations protect themselves? Information Security Journal: A Global Perspective, 17, 228-242.
Whitman, M. & Mattord, H. (2012). Information security governance for the non-security business executive. Journal of Executive Education, 11(1), 97-111.