Abstract
How secure is a software product or a telecommunication network, or
their fusion? In order to obtain evidence of the security performance (or
level) of products or an organization, systematic approaches to measuring
security are needed. In this study we survey the emerging security metrics
approaches from the academic, governmental and industrial perspectives. We aim
to bridge the gaps between business management, information security
management and ICT product security practices. If common metrics approaches
between different security disciplines can be found, this will advance our
holistic understanding and capabilities, both in management and engineering
practices. The survey presented here is structured according to an initial
taxonomy for security metrics proposed in this study.
Original language | English |
---|---|
Title of host publication | Nordsec 2007 |
Subtitle of host publication | Supplemental Booklet of Short Papers |
Number of pages | 11 |
Publication status | Published - 2007 |
MoE publication type | A4 Article in a conference publication |
Event | Nordsec 2007 - Reykjavik, Iceland; Duration: 11 Oct 2007 → 12 Oct 2007 |
Conference
Conference | Nordsec 2007 |
---|---|
Country/Territory | Iceland |
City | Reykjavik |
Period | 11/10/07 → 12/10/07 |