A taxonomical approach for information security metrics development

Research output: Chapter in Book/Report/Conference proceeding › Conference article in proceedings › Scientific › peer-review

Abstract

How secure is a software product or a telecommunication network, or their fusion? In order to obtain evidence of the security performance (or level) of products or an organization, systematic approaches to measuring security are needed. In this study we survey the emerging security metrics approaches from the academic, governmental and industrial perspectives. We aim to bridge the gaps between business management, information security management and ICT product security practices. If common metrics approaches between different security disciplines can be found, this will advance our holistic understanding and capabilities, both in management and engineering practices. The survey presented here is structured according to an initial taxonomy for security metrics proposed in this study.
Original language: English
Title of host publication: Nordsec 2007
Subtitle of host publication: Supplemental Booklet of Short Papers
Number of pages: 11
Publication status: Published - 2007
MoE publication type: A4 Article in a conference publication
Event: Nordsec 2007 - Reykjavik, Iceland
Duration: 11 Oct 2007 – 12 Oct 2007

Conference

Conference: Nordsec 2007
Country: Iceland
City: Reykjavik
Period: 11/10/07 – 12/10/07

Cite this

Savola, R. (2007). A taxonomical approach for information security metrics development. In Nordsec 2007: Supplemental Booklet of Short Papers