A Novel Security Metrics Taxonomy for R&D Organisations

    Research output: Chapter in Book/Report/Conference proceeding › Conference article in proceedings › Scientific › peer-review

    Abstract

    In order to obtain evidence of the security and privacy issues of products, services or an organization, systematic approaches to measuring security are needed. In this study we survey the emerging security metrics approaches from the academic, governmental and industrial perspectives. We aim to bridge the gaps between business management, information security management and ICT product security practices. If appropriate security metrics can offer a quantitative and objective basis for security assurance, it would be easier to make business and engineering decisions concerning information security. We believe that being able to express a high-level taxonomy of security metrics will help the actual process of developing feasible composite metrics even for complex situations. A well-defined taxonomy can be used to enhance the composition of feasible security metrics all the way from business management to the lowest level of technical detail. Information security management, business management and, on the other hand, software security and network security engineering have been handled as separate areas. Common metrics approaches can be used to bridge the gaps in between.
    Original language: English
    Title of host publication: Proceedings of the Innovative Minds Conference, ISSA 2008
    Pages: 379-390
    Publication status: Published - 2008
    MoE publication type: A4 Article in a conference publication
    Event: Innovative Minds Conference, ISSA 2008 - Pretoria, South Africa
    Duration: 7 Jul 2008 → 9 Jul 2008

    Conference

    Conference: Innovative Minds Conference, ISSA 2008
    Abbreviated title: ISSA 2008
    Country: South Africa
    City: Pretoria
    Period: 7/07/08 → 9/07/08

    Cite this

    Savola, R. (2008). A Novel Security Metrics Taxonomy for R&D Organisations. In Proceedings of the Innovative Minds Conference, ISSA 2008 (pp. 379-390)