A Novel Security Metrics Taxonomy for R&D Organisations

    Research output: Chapter in Book/Report/Conference proceeding › Conference article in proceedings › Scientific › peer-review

    Abstract

    In order to obtain evidence of the security and privacy issues of products, services or an organization, systematic approaches to measuring security are needed. In this study we survey the emerging security metrics approaches from the academic, governmental and industrial perspectives. We aim to bridge the gaps between business management, information security management and ICT product security practices. If appropriate security metrics can offer a quantitative and objective basis for security assurance, it would be easier to make business and engineering decisions concerning information security. We believe that being able to express a high-level taxonomy of security metrics will help the actual process of developing feasible composite metrics even for complex situations. A well-defined taxonomy can be used to enhance the composition of feasible security metrics all the way from business management to the lowest level of technical detail. Information security management, business management and, on the other hand, software security and network security engineering have been handled as separate areas. Common metrics approaches can be used to bridge the gaps in between.
    Original language: English
    Title of host publication: Proceedings of the Innovative Minds Conference, ISSA 2008
    Pages: 379-390
    Publication status: Published - 2008
    MoE publication type: A4 Article in a conference publication
    Event: Innovative Minds Conference, ISSA 2008 - Pretoria, South Africa
    Duration: 7 Jul 2008 to 9 Jul 2008

    Conference

    Conference: Innovative Minds Conference, ISSA 2008
    Abbreviated title: ISSA 2008
    Country: South Africa
    City: Pretoria
    Period: 7/07/08 to 9/07/08

    Fingerprint

    Taxonomies
    Security of data
    Industry
    Network security
    Composite materials
    Chemical analysis

    Cite this

    Savola, R. (2008). A Novel Security Metrics Taxonomy for R&D Organisations. In Proceedings of the Innovative Minds Conference, ISSA 2008 (pp. 379-390)
    @inproceedings{a664dcc277d64bd28196bc5a83210ff0,
    title = "A Novel Security Metrics Taxonomy for R&D Organisations",
    author = "Reijo Savola",
    year = "2008",
    language = "English",
    isbn = "978-1-86854-693-0",
    pages = "379--390",
    booktitle = "Proceedings of the Innovative Minds Conference, ISSA 2008",

    }