A visualization and modeling tool for security metrics and measurements management

Reijo Savola, Petri Heinonen

    Research output: Chapter in Book/Report/Conference proceeding › Conference article in proceedings › Scientific › peer-review

    18 Citations (Scopus)

    Abstract

    Sufficient and credible information security measurement in software-intensive systems requires use of a variety of security metrics offering security-related evidence from different viewpoints. Visualization is needed to facilitate management of security metrics and measurements and to increase the meaningfulness of them in decision-making such as security assurance and risk management. We introduce a novel visualization and modeling tool for hierarchical specification and deployment of security metrics and measurements. The tool connects high-level risk-driven security objectives with detailed measurements and evidence gathering. The tool facilitates the management of a large number of metrics and measurements without losing appropriate granularity that is crucial for informed security decision-making.
    Original language: English
    Title of host publication: Proceedings of the ISSA 2011 Conference
    Subtitle of host publication: Information Security for South Africa
    Publisher: IEEE Institute of Electrical and Electronic Engineers
    Number of pages: 8
    ISBN (Electronic): 978-1-4577-1483-2
    ISBN (Print): 978-1-4577-1482-5
    DOIs: https://doi.org/10.1109/ISSA.2011.6027518
    Publication status: Published - 2011
    MoE publication type: A4 Article in a conference publication
    Event: 2011 Conference on Information Security for South Africa, ISSA 2011 - Johannesburg, South Africa
    Duration: 15 Aug 2011 to 17 Aug 2011

    Conference

    Conference: 2011 Conference on Information Security for South Africa, ISSA 2011
    Abbreviated title: ISSA 2011
    Country: South Africa
    City: Johannesburg
    Period: 15/08/11 to 17/08/11

    Fingerprint

    Visualization
    Decision making
    Security of data
    Risk management
    Specifications

    Keywords

    • Risk management
    • security assurance
    • security metrics
    • visualization

    Cite this

    Savola, R., & Heinonen, P. (2011). A visualization and modeling tool for security metrics and measurements management. In Proceedings of the ISSA 2011 Conference: Information Security for South Africa. IEEE Institute of Electrical and Electronic Engineers. https://doi.org/10.1109/ISSA.2011.6027518