Distributed information systems and their management have become a reality of today’s enterprises. Adoption of different computing and communication technologies has become an essential strategy for many enterprises to manage their data. These facilitate efficient computing for the use of information. With the convergence of ubiquitous mobility, inexpensive computing and technologies in the IT infrastructure, numerous cost-effective and highly interactive business applications and services are coming into the picture. However, this rapid development is raising demand for enforcing considerable novel security controls and best practices in order to ensure the security and the privacy of Enterprise Information Systems (EIS). Security of EIS covers a wide range of terms in order to help information security professionals to deal with the expanding nature of risks and the unknown hurdles in the way. The extensive use of remote services is by the use of knowledge tools to support productivity. Corporate applications are also used to populate diverse characteristics, but should not contain personally identifiable information. Mature businesses are adopting novel computing models in business-critical functionalities, such as logistics, purchasing and document management. In such cases, the applications are accessed by the users and data including personal and sensitive information is stored remotely, such as over the Cloud, that requires flexibility and lower cost of maintenance (Stergiou et al. 2018; Kaushik and Gandhi 2019; Tewari and Gupta 2019; Ma et al. 2019). Because of new computing models, the establishment of security at all levels, including the host, network, data and application, becomes uncertain, which makes security a key concern for the enterprise individuals. 
Newer models are cost-effective; however, they are susceptible to vulnerabilities, malicious software, cyber-terrorists, hackers and cyber-attacks that can steal private information and disrupt services in order to harm the enterprise network (Psannis, Stergiou, and Gupta 2018; Gupta et al. 2020). Security management has become a critical area in the Internet economy. Enterprises are under constant pressure to demonstrate that the methods they adopt are reliable enough to protect their data assets. In order to manage security within an enterprise, it needs to be measured statistically. IT metrics provide a way to assess the current status of security in order to develop best practices for functioning and to guide future research associated with the establishment of security. They help in the threats and the vulnerabilities based on the statistical measurement. Within an , IT security metrics can be adopted at different levels which provide a complete picture of the baseline measurements and meta-data information in order to interpret the results. Lower level metrics can be collected, aggregated and mapped to progressively higher levels, based on the complexity and size of the organisation. Key characteristics of useful

ENTERPRISE INFORMATION SYSTEMS 2021, VOL. 15, NO. 4, 445–447 https://doi.org/10.1080/17517575.2020.1791364