Use a terminology that is consistent with ISO19086

[apannetrat]

The metrics catalog uses the following terms that are largely based on ISO 19086:

• Attribute: Property or characteristic of an object that can be distinguished quantitatively or qualitatively by human or automated means.
• Measurement: The logical sequence of operations used in quantifying or qualifying an attribute.
• Measurement Result: The qualitative or quantitative value obtained as the output of a measurement.
• Metric: A standard of measurement that defines the conditions and the rules for performing the measurement and for understanding the results of a measurement.

On the other hand, the YAML format uses measure in many property names, which is not consistent with the catalog. I would suggest replacing measure with attribute or measurementResult where appropriate. (Note: measure is indeed defined in other standards such as ISO27005 but often creates confusion because it's a word that is used a lot in security with a different meaning.)

In addition, I would suggest to

• Replace metricFrequency with metricMeasurementFrequency or simply measurementFrequency.
• Replace metricPeriod with metricSamplingPeriod' or simply samplingPeriod.

In general, I'm not sure it adds any value to prefix all properties with the name of the enclosing object (e.g. we have metric -> metricFormula, why not simply formula?).

[pritikin]

3/16 notes

General agreement that using the terms "measurementResult" is consistent with metric catalog v1 pdf section 2.1 discussion: "As a process, a measurement involves the gathering of data such as system logs, test results, configuration files, security events, and sometimes the results of other measurements. These elements are often collectively referred to as evidence. ISO/IEC 27000 and many other sources refer to the result of a measurement as a measure. More recent initiatives, such as ISO 27004, NIST SP 500-307, ISO/IEC 19086, and CSA’s STAR, prefer the term measurement result, as the word measure has multiple meanings in information security and is a source of confusion when it comes to metrics. We also use the term measurement result in this work."

Similarly the other suggestions make sense but we didn't have time to agree on exact terms. General agreement that additional clarity make sense (and long variable names in code are ok).