A Novel Security Metrics Taxonomy for R&D Organisations

Reijo Savola

    Research output: Chapter in Book/Report/Conference proceeding › Conference article in proceedings › Scientific › peer-reviewed


    In order to obtain evidence of the security and privacy issues of products, services or an organization, systematic approaches to measuring security are needed. In this study we survey the emerging security metrics approaches from the academic, governmental and industrial perspectives. We aim to bridge the gaps between business management, information security management and ICT product security practices. If appropriate security metrics can be developed to offer a quantitative and objective basis for security assurance, it will be easier to make business and engineering decisions concerning information security. We believe that being able to express a high-level taxonomy of security metrics will help the actual process of developing feasible composite metrics, even for complex situations. A well-defined taxonomy can be used to enhance the composition of feasible security metrics all the way from business management down to the lowest level of technical detail. Information security management and business management on the one hand, and software security and network security engineering on the other, have so far been handled as separate areas. Common metrics approaches can be used to bridge the gaps between them.
    Original language: English
    Title of host publication: Proceedings of the Innovative Minds Conference, ISSA 2008
    Publication status: Published - 2008
    MoE publication type: A4 Article in a conference publication
    Event: Innovative Minds Conference, ISSA 2008 - Pretoria, South Africa
    Duration: 7 Jul 2008 - 9 Jul 2008


    Conference: Innovative Minds Conference, ISSA 2008
    Abbreviated title: ISSA 2008
    Country/Territory: South Africa

