Research Article

Security Metrics for a Business Information System

Published on December 2013 by T. Chandrakumar, S. Parthasarathy, R Maragathameena, S Arun Raj Pandian
International Conference on Computing and information Technology 2013
Foundation of Computer Science USA
IC2IT - Number 1
December 2013

T. Chandrakumar, S. Parthasarathy, R Maragathameena, S Arun Raj Pandian. Security Metrics for a Business Information System. International Conference on Computing and information Technology 2013. IC2IT, 1 (December 2013), 33-38.

@article{
author = { T. Chandrakumar and S. Parthasarathy and R Maragathameena and S Arun Raj Pandian },
title = { Security Metrics for a Business Information System },
journal = { International Conference on Computing and information Technology 2013 },
issue_date = { December 2013 },
volume = { IC2IT },
number = { 1 },
month = { December },
year = { 2013 },
issn = { 0975-8887 },
pages = { 33-38 },
numpages = 6,
url = { /proceedings/ic2it/number1/14389-1308/ },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Proceeding Article
%1 International Conference on Computing and information Technology 2013
%A T. Chandrakumar
%A S. Parthasarathy
%A R Maragathameena
%A S Arun Raj Pandian
%T Security Metrics for a Business Information System
%J International Conference on Computing and information Technology 2013
%@ 0975-8887
%V IC2IT
%N 1
%P 33-38
%D 2013
%I International Journal of Computer Applications
Abstract

The notion of security metrics is a very significant aspect of an Enterprise Information System (BIS). Information security metrics are often underused and in some cases go unseen, yet they could be a profitable instrument in building better enterprise security. These metrics help measure the day-to-day impact and quality of current defenses and show the quality of these functions across all business methodologies. This paper discusses an ASPIRE methodical approach to identify the right metrics to measure security preparedness and move toward a strong justification for information security investment and better enterprise outcomes.

Index Terms

Computer Science
Information Sciences

Keywords

Information Security, Security Metrics, Business Information Systems (BIS)