A visualization and modeling tool for security metrics and measurements management

Reijo Savola, Petri Heinonen

    Research output: Chapter in Book/Report/Conference proceeding; Conference article in proceedings; Scientific; peer-review

    19 Citations (Scopus)

    Abstract

    Sufficient and credible information security measurement in software-intensive systems requires use of a variety of security metrics offering security-related evidence from different viewpoints. Visualization is needed to facilitate management of security metrics and measurements and to increase the meaningfulness of them in decision-making such as security assurance and risk management. We introduce a novel visualization and modeling tool for hierarchical specification and deployment of security metrics and measurements. The tool connects high-level risk-driven security objectives with detailed measurements and evidence gathering. The tool facilitates the management of a large number of metrics and measurements without losing appropriate granularity that is crucial for informed security decision-making.
    Original language: English
    Title of host publication: Proceedings of the ISSA 2011 Conference
    Subtitle of host publication: Information Security for South Africa
    Publisher: IEEE Institute of Electrical and Electronic Engineers
    Number of pages: 8
    ISBN (Electronic): 978-1-4577-1483-2
    ISBN (Print): 978-1-4577-1482-5
    Publication status: Published - 2011
    MoE publication type: A4 Article in a conference publication
    Event: 2011 Conference on Information Security for South Africa, ISSA 2011 - Johannesburg, South Africa
    Duration: 15 Aug 2011 to 17 Aug 2011

    Conference

    Conference: 2011 Conference on Information Security for South Africa, ISSA 2011
    Abbreviated title: ISSA 2011
    Country: South Africa
    City: Johannesburg
    Period: 15/08/11 to 17/08/11

    Keywords

    • Risk management
    • security assurance
    • security metrics
    • visualization

    Cite this

    Savola, R., & Heinonen, P. (2011). A visualization and modeling tool for security metrics and measurements management. In Proceedings of the ISSA 2011 Conference: Information Security for South Africa. IEEE Institute of Electrical and Electronic Engineers. https://doi.org/10.1109/ISSA.2011.6027518